0f2070b4b27939a748a3b0c7af53c6df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f2070b4b27939a748a3b0c7af53c6df_JaffaCakes118
Size

38KB
MD5

0f2070b4b27939a748a3b0c7af53c6df
SHA1

c023ad3ab55cfcd625d1e976d136310918112506
SHA256

f6cf5acce1430d180cf958983d4baf32b58377fa50087afb6675d04f32d7456e
SHA512

870a3a56017ecedc05158ad4c3639e5334010036345c65938716b4287c36df0958be4ffdb44a6aa6dd72dd5b09bbcde7d34eaeb4eb6453a1c1f15f7860da12ff
SSDEEP

768:oAh2/R3Fzc/HadX6wP2HPBMaZey4U6Vo90n:XheR3y/HadX6wcPBMeLCoC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f2070b4b27939a748a3b0c7af53c6df_JaffaCakes118

Files

0f2070b4b27939a748a3b0c7af53c6df_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f2e420c4530b53f578f1a06d2a4937eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
_wcsnicmp
ZwCreateFile
ZwWriteFile
ZwQueryValueKey
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
ZwQueryInformationFile
PsCreateSystemThread
IoFreeMdl
NtClose
ZwReadFile
ExInitializeNPagedLookasideList
ZwSetValueKey
KeSetEvent
MmMapLockedPages
ZwCreateKey
IoFreeIrp
ZwDeleteKey
_stricmp
ObfDereferenceObject
ZwFlushKey
ZwClose
memcpy
memset
KeDelayExecutionThread
KefReleaseSpinLockFromDpcLevel
IoAllocateIrp
ZwOpenKey
ExInterlockedPopEntrySList
KefAcquireSpinLockAtDpcLevel
IoAllocateMdl
ExInterlockedPushEntrySList
ZwSetInformationFile
KeInitializeEvent
KeGetCurrentThread
_wcsicmp
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
RtlUnwind
KeInsertQueueApc
KeUnstackDetachProcess
KeInitializeApc
ZwQuerySystemInformation
MmGetPhysicalAddress
MmHighestUserAddress
PsGetVersion
PsLookupThreadByThreadId
PsLookupProcessByProcessId
KeStackAttachProcess

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreeMemory
NdisAllocateBufferPool
NdisAllocateBuffer
NdisFreePacketPool
NdisFreePacket
NdisCloseAdapter
NdisAllocateMemoryWithTag
NdisFreeBufferPool
NdisDeregisterProtocol
NdisAllocatePacketPool
NdisAllocatePacket
NdisOpenAdapter
NdisRegisterProtocol

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2e420c4530b53f578f1a06d2a4937eb

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 256B - Virtual size: 252B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 256B - Virtual size: 252B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB