3ad585e237f9affe50141085fdc1e20d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ad585e237f9affe50141085fdc1e20d_JaffaCakes118
Size

742KB
MD5

3ad585e237f9affe50141085fdc1e20d
SHA1

7b336927c69614c9fe388b294442e6a03bd492d4
SHA256

e2d9d6c3c3904325484336ca5fd68a09398603ae365a2a644c31a17eede2ab6f
SHA512

c5cc59b05dd54a5bc8feb6d4c703886775f769fb3e789abdfad2a6360a7e84acfe65c2280d948344814092778b01dd9b533689126f3b17add278f99dc22f2644
SSDEEP

12288:7USf6RO10wrL4mpncWBtQIf0MF4jXWeM1dTxShTPYjaIRsSuKBA4wekfiUCWu:YSyM10tmp/BKQImeMDVSFQjVRL1B18at

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ad585e237f9affe50141085fdc1e20d_JaffaCakes118

Files

3ad585e237f9affe50141085fdc1e20d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

173efc87d628bed067931b37effabdeb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
_snprintf
ExAllocatePoolWithTag
KeBugCheckEx
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
ZwQueryValueKey
PoCallDriver
IoFreeIrp
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
IoAllocateIrp
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
IoQueueWorkItem
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
ObReferenceObjectByHandle
KeSetTimer
ZwSetValueKey
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
PsCreateSystemThread
KeAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
RtlInitAnsiString
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
ObfReferenceObject
IoReleaseRemoveLockEx
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoDisconnectInterrupt
IoConnectInterrupt
ZwQuerySystemInformation
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

173efc87d628bed067931b37effabdeb

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 512B - Virtual size: 346B

.data Size: 15KB - Virtual size: 14KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 388KB - Virtual size: 387KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 512B - Virtual size: 346B

.data
Size: 15KB - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 388KB - Virtual size: 387KB