17df40262d059a04896689dc504d9373_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17df40262d059a04896689dc504d9373_JaffaCakes118
Size

145KB
MD5

17df40262d059a04896689dc504d9373
SHA1

62459b09ee2604061aeb5a2c3ac6f6ac74b11e7d
SHA256

00d790eed5b49d7b8910e810b770d50f36db953fe0a563624148f6a8314394a1
SHA512

cabaa6fff9b22e23de8ea983175acdb882b4d9e26bd12b12066f15fca9790e5e2fcd48ba406a1b362b63ac1ede048b4fb31268ca2d607b62b2d48ef899360cac
SSDEEP

3072:SspHNM42bblVikrAffhHk20/csxhl4GlVXuBAWKsgCeIKJ:dtM4KbTikcffhHk20/t23KJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17df40262d059a04896689dc504d9373_JaffaCakes118

Files

17df40262d059a04896689dc504d9373_JaffaCakes118
.sys windows:6 windows x86 arch:x86

32c5874e5a1f8bc36b2e05a99431435e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pci.pdb

Imports

ntoskrnl.exe

RtlFindRange
KeLeaveCriticalRegion
KeSetEvent
KeWaitForSingleObject
KeEnterCriticalRegion
PoUnregisterPowerSettingCallback
IoGetDeviceProperty
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
PoRegisterPowerSettingCallback
_allmul
RtlFindClosestEncodableLength
RtlIoEncodeMemIoResource
memcpy
ZwSetValueKey
ZwDeleteKey
RtlEqualUnicodeString
ZwCreateKey
RtlIntegerToUnicodeString
ZwClose
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
RtlAreBitsClear
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
IoInitializeRemoveLockEx
KeInitializeEvent
IoCreateDevice
RtlFindLongestRunClear
RtlFindSetBits
RtlSetBit
RtlClearBits
IofCallDriver
KeFlushQueuedDpcs
IoReleaseRemoveLockAndWaitEx
_aullrem
IofCompleteRequest
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
KeBugCheckEx
IoGetDmaAdapter
ObfDereferenceObject
VfFailDeviceNode
IoOpenDeviceRegistryKey
RtlInitUnicodeString
MmUnmapIoSpace
PoSetPowerState
KeQueryActiveProcessorCount
KdEnableDebugger
KeIpiGenericCall
KdDisableDebugger
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
PoSetSystemWake
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PoGetSystemWake
IoReleaseCancelSpinLock
RtlIsRangeAvailable
EmClientQueryRuleState
ExUnregisterCallback
ExfInterlockedInsertTailList
ExRegisterCallback
ExCreateCallback
KeInitializeDpc
WheaAddErrorSource
HalDispatchTable
_allshl
EmProviderRegister
EmProviderDeregister
EmClientRuleEvaluate
InitSafeBootMode
ExIsProcessorFeaturePresent
ZwEnumerateValueKey
ZwQueryKey
KeCancelTimer
IoRequestDeviceEjectEx
KeSetTimer
KeInitializeTimer
RtlFindMessage
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlFindLeastSignificantBit
NtQuerySystemInformation
ZwOpenKey
RtlCopyUnicodeString
RtlFindMostSignificantBit
WRITE_REGISTER_BUFFER_ULONG
RtlQueryRegistryValues
READ_REGISTER_BUFFER_ULONG
WheaReportHwError
WheaGetErrorSource
KeClearEvent
IoDisconnectInterruptEx
IoConnectInterruptEx
KeInsertQueueDpc
KeSynchronizeExecution
PsTerminateSystemThread
KeWaitForMultipleObjects
ExfInterlockedRemoveHeadList
HalPrivateDispatchTable
IoAssignResources
IoSetDevicePropertyData
IoGetDevicePropertyData
MmMapIoSpace
ObReferenceObjectByHandle
PsCreateSystemThread
WheaRegisterErrSrcInitializer
RtlCmEncodeMemIoResource
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
IoBuildDeviceIoControlRequest
ZwQueryValueKey
IoUnregisterPlugPlayNotification
VfFailSystemBIOS
IoRegisterPlugPlayNotification
VfIsVerificationEnabled
KeTickCount
RtlUnwind
RtlGetFirstRange
RtlGetNextRange
memset
ExAllocatePoolWithTag
_vsnwprintf
_aulldiv
RtlIoDecodeMemIoResource
RtlCmDecodeMemIoResource
RtlInitializeRangeList
RtlAddRange
RtlInvertRangeList
RtlFreeRangeList
IoInvalidateDeviceRelations
ExFreePoolWithTag
RtlDeleteOwnersRanges
RtlCopyRangeList
RtlDeleteRange
_wcsicmp

hal

KeAcquireInStackQueuedSpinLock
KfReleaseSpinLock
HalGetBusDataByOffset
HalGetMessageRoutingInfo
HalGetInterruptTargetInformation
KeStallExecutionProcessor
KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
HalTranslateBusAddress
KfAcquireSpinLock

pshed

PshedGetErrorSourceInfo
PshedRetrieveErrorInfo

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32c5874e5a1f8bc36b2e05a99431435e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

pshed

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

PAGE Size: 70KB - Virtual size: 70KB

PAGEKD Size: 1KB - Virtual size: 1KB

INIT Size: 8KB - Virtual size: 7KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

PAGE
Size: 70KB - Virtual size: 70KB

PAGEKD
Size: 1KB - Virtual size: 1KB

INIT
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB