09c0cf1b9f6e246259a13e226aa324d8_JaffaCakes118

General

Target

09c0cf1b9f6e246259a13e226aa324d8_JaffaCakes118
Size

57KB
MD5

09c0cf1b9f6e246259a13e226aa324d8
SHA1

319f2fc749b3156187975e98fbff05ac18e4c6c1
SHA256

f33cdcdaf07e38ebba2484e4946b34b0014979d6744b4817c3739c1af1e41653
SHA512

b78b2704785da6c98460c26dda79462ebb785f285ff7ea61d957e137ff655111f286ca4d20d02969b60fe22fda4c13f36f2a3ba934053c46cd384fb6135fb3ae
SSDEEP

768:+oJxirC1UAZkb5GRIVEys4lJ2W4NptlP/0XyVC47SxGUh82Z7CA+:+onQokVts4lktn/0Xy1qT8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09c0cf1b9f6e246259a13e226aa324d8_JaffaCakes118

Files

09c0cf1b9f6e246259a13e226aa324d8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a0845228c51b544d66ecb418a7321ea8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
IoGetDeviceObjectPointer
MmMapLockedPages
KeSetEvent
IoFreeIrp
_stricmp
ObfDereferenceObject
ZwCreateKey
_wcsicmp
KeInitializeEvent
ExInterlockedPushEntrySList
IoAllocateMdl
KefAcquireSpinLockAtDpcLevel
ExInterlockedPopEntrySList
IoAllocateIrp
ExInitializeNPagedLookasideList
memset
IoFreeMdl
ZwSetValueKey
NtClose
MmBuildMdlForNonPagedPool
KeWaitForSingleObject
ZwWriteFile
ExFreePoolWithTag
ZwQueryInformationFile
ZwCreateFile
ZwClose
ZwReadFile
KefReleaseSpinLockFromDpcLevel
ExAllocatePoolWithTag
KeDelayExecutionThread
RtlUnwind
PsGetVersion
PsLookupThreadByThreadId
KeInsertQueueApc
PsLookupProcessByProcessId
KeStackAttachProcess
KeUnstackDetachProcess
KeInitializeApc
ZwQuerySystemInformation
MmGetPhysicalAddress
MmHighestUserAddress

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreePacket
NdisAllocateMemoryWithTag
NdisOpenAdapter
NdisRegisterProtocol
NdisDeregisterProtocol
NdisFreeBufferPool
NdisFreeMemory
NdisCloseAdapter
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisAllocateBufferPool

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0845228c51b544d66ecb418a7321ea8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 41KB - Virtual size: 41KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 41KB - Virtual size: 41KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB