036a6693f348f013778964abac6a3612_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

036a6693f348f013778964abac6a3612_JaffaCakes118
Size

742KB
MD5

036a6693f348f013778964abac6a3612
SHA1

c140d33978d2c51d43670fdff45b51c1f2c0bba4
SHA256

0e3c3c0c0ab460a3ceccf8b092340e8b2e16f8c84cf4cedf89c669f01ec5578d
SHA512

10ba27a9af62b8db24c1e3287bd5a99b1789af3501f9c3516e8592d8113cec7b812557903415686b86eafbffc2c30a444ef3a3827c71a82fe645a265061cbc13
SSDEEP

12288:dBIyjUBtFPpZ3pItSQuWklQWZN9Y2HiOoy0CnbVU1kwt0S0BXJF8mp+vSpq7HlNc:dBIyjwFPrGtS2hUnBvoEUdt0JqJy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036a6693f348f013778964abac6a3612_JaffaCakes118

Files

036a6693f348f013778964abac6a3612_JaffaCakes118
.sys windows:4 windows x86 arch:x86

33fe55f482241d002d61a53374f9ce9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
_snprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
ZwQueryValueKey
PoCallDriver
ObfDereferenceObject
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoAllocateIrp
ZwOpenKey
RtlQueryRegistryValues
IoFreeMdl
KeCancelTimer
IoQueueWorkItem
IoBuildDeviceIoControlRequest
KeClearEvent
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
IoRegisterDeviceInterface
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
IoReleaseCancelSpinLock
PsTerminateSystemThread
IoWMIWriteEvent
DbgPrint
RtlInitAnsiString
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
IoAcquireRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
KeQueryTimeIncrement
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33fe55f482241d002d61a53374f9ce9e

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 333KB - Virtual size: 333KB

.rdata Size: 512B - Virtual size: 321B

.data Size: 16KB - Virtual size: 16KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 387KB - Virtual size: 387KB

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 512B - Virtual size: 321B

.data
Size: 16KB - Virtual size: 16KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 387KB - Virtual size: 387KB