2545e99661bfc406afa7fef82effef2c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2545e99661bfc406afa7fef82effef2c_JaffaCakes118
Size

60KB
MD5

2545e99661bfc406afa7fef82effef2c
SHA1

558afcddeed946e5e7e902e16aaedb8a08a4e49d
SHA256

6844d8bc9c69a5a5e14c6108ca35c42b375dc3547f375e8641205331aa3e94c4
SHA512

5f8064451a609affe10228d3b45b67862bff097be1f695f238cc57922dec5ca2c1e7f15806a738a374b751a3f67ee54bf13b8121fa689bc55db0f1a5a13c3ded
SSDEEP

768:KR8a00D8ka9u198/TxiXfeM40cc6X3+KCNDZP:KRd0dfIWgXfeoWXRiD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2545e99661bfc406afa7fef82effef2c_JaffaCakes118

Files

2545e99661bfc406afa7fef82effef2c_JaffaCakes118
.sys windows:6 windows x86 arch:x86

8fe9351eaf0898200c473613492657ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\docume~1\usuario\desktop\salvar~1\cheate~3\dbkker~1\objchk_wxp_x86\i386\ajax.pdb

Imports

ntoskrnl.exe

ZwClose
ExFreePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ExAllocatePool
ZwOpenKey
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
IofCompleteRequest
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
KeQueryActiveProcessors
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
ObReferenceObjectByHandle
KeDetachProcess
ZwAllocateVirtualMemory
KeAttachProcess
PsSetCreateThreadNotifyRoutine
KeUnstackDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
ZwOpenThread
IoCreateDevice
PsProcessType
PsLookupProcessByProcessId
memset
memcpy
RtlAssert
PsLookupThreadByThreadId
_allmul
_aullshr
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeSemaphore
IoQueueWorkItem
ExAllocatePoolWithTag
KeInitializeEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
MmAllocateContiguousMemory
ZwWaitForSingleObject
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
KeTickCount
KeBugCheckEx
IoCreateSymbolicLink
IoDeleteDevice
IoAllocateWorkItem
ObOpenObjectByPointer
DbgPrint
RtlUnwind

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fe9351eaf0898200c473613492657ba

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 896B - Virtual size: 844B

.data Size: 15KB - Virtual size: 15KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 896B - Virtual size: 844B

.data
Size: 15KB - Virtual size: 15KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB