fbb498a81488b7dffb436867e23f1af0_JaffaCakes118

General

Target

fbb498a81488b7dffb436867e23f1af0_JaffaCakes118
Size

66KB
MD5

fbb498a81488b7dffb436867e23f1af0
SHA1

745415966cf8450dd45778e80e847a0503b77dab
SHA256

0c1d41caeb6bfb69b06b8d36c4259842aa27a320e3482275710505201e5b0b75
SHA512

42c1c4ca818ebae194f4c14053b2df10f2cec01d911189cd6a081aa129dc3f94db623b8394e1083ecfb7cf7b7baedf64cea091cdfcfbe6aae047e59b985933d0
SSDEEP

1536:2pVzkrvw4ys1cVc9sNBIK79l4ThXwRNQCCJUj/:2ngr4Zs1ca9sNBN9miR2CCJUj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbb498a81488b7dffb436867e23f1af0_JaffaCakes118

Files

fbb498a81488b7dffb436867e23f1af0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

af1f4c6aa3ebc31a5523c0ffa0989a49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KfReleaseSpinLock
KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
KfAcquireSpinLock

ntoskrnl.exe

_alldiv
SeDeassignSecurity
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
DbgPrint
RtlUpperChar
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlOemStringToUnicodeString
RtlInitString
MmMapLockedPagesSpecifyCache
RtlAppendStringToString
RtlInitAnsiString
strchr
strncpy
KeCancelTimer
ZwClose
ZwCancelTimer
ZwSetTimer
ZwCreateTimer
_aulldiv
_allmul
IofCompleteRequest
IofCallDriver
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoDeleteDevice
KeClearEvent
ExDeleteResourceLite
IoFreeIrp
IoGetRelatedDeviceObject
ProbeForWrite
_except_handler3
RtlCopyUnicodeString
DbgBreakPoint
ZwCreateKey
memchr
ZwReadFile
ZwQueryInformationFile
RtlFreeUnicodeString
ZwCreateFile

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.PAGE1
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af1f4c6aa3ebc31a5523c0ffa0989a49

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 15KB - Virtual size: 15KB

INIT Size: 1024B - Virtual size: 1024B

.reloc Size: 256B - Virtual size: 198B

.PAGE1 Size: 256B - Virtual size: 256B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 15KB - Virtual size: 15KB

INIT
Size: 1024B - Virtual size: 1024B

.reloc
Size: 256B - Virtual size: 198B

.PAGE1
Size: 256B - Virtual size: 256B