1037243d6219a8d3643b62c579190f37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1037243d6219a8d3643b62c579190f37_JaffaCakes118
Size

22KB
MD5

1037243d6219a8d3643b62c579190f37
SHA1

a233ad5c8b43084663722e0f1137cb88aa630805
SHA256

60cc93622626f61937c46bd8a58532ef8b96eec7fafc9e8a2df06047420a2d79
SHA512

941baa8aedb8069c35d87874223dbbba0cabd546bc31f5f69ea49e86189b8d2372ee3cf2f86386237ba8dd12c602ec9904d7fa63a76a38ed20786ae9b1b88127
SSDEEP

384:RPV8tXm8u0ws5oLiEWSW5iwWjIqsASJI396luCtWDzAKoZP/vx64MdABrcWSW5il:R98t3wqR55aIqsASJI39guesA1ZHp6Fz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1037243d6219a8d3643b62c579190f37_JaffaCakes118

Files

1037243d6219a8d3643b62c579190f37_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ec824ca180d238db3c7c6d3152e38cad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sfloppy.pdb

Imports

ntoskrnl.exe

IoSetHardErrorOrVerifyDevice
KeBugCheckEx
IoBuildDeviceIoControlRequest
IoCreateSymbolicLink
_allshr
swprintf
IoSetDeviceInterfaceState
RtlFreeUnicodeString
IoGetConfigurationInformation
KeInitializeEvent
IoBuildSynchronousFsdRequest
KeWaitForSingleObject
IoBuildAsynchronousFsdRequest
IofCallDriver
memmove
ExFreePoolWithTag
RtlCompareMemory
ExAllocatePoolWithTag
RtlInitUnicodeString
IoRegisterDeviceInterface
sprintf
IoAttachDeviceToDeviceStack
KeTickCount
IoDeleteDevice

hal

KfLowerIrql
KfRaiseIrql

classpnp.sys

ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl
ClassSendSrbAsynchronous
ClassDeleteSrbLookasideList
ClassAsynchronousCompletion
ClassAcquireRemoveLockEx
ClassModeSense
ClassFindModePage
ClassReadDriveCapacity
ClassSendSrbSynchronous
ClassInitializeSrbLookasideList
ClassInitializeMediaChangeDetection
ClassQueryTimeOutRegistryValue
ClassClaimDevice
ClassCreateDeviceObject
ClassInitialize

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rxpw
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec824ca180d238db3c7c6d3152e38cad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

classpnp.sys

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 272B

.data Size: 768B - Virtual size: 752B

PAGE Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rxpw Size: 11KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 384B - Virtual size: 384B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 272B

.data
Size: 768B - Virtual size: 752B

PAGE
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rxpw
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 384B - Virtual size: 384B