53fcaa041ee55205baf4df43d71cc968_JaffaCakes118

General

Target

53fcaa041ee55205baf4df43d71cc968_JaffaCakes118
Size

41KB
MD5

53fcaa041ee55205baf4df43d71cc968
SHA1

9d57a6a2da64cb49d8e189ca94fefb65cb276492
SHA256

f30a2a95842eb52c17a6ba316f6cca458474b3617c25a0313f1cd39835475c9d
SHA512

b29c2dbfe59d95ab0a0ed73ede753b0b86d7885ae8a25435d8ea3a20fc589411a4a108443027435ceb9438a83cf87e91d2dd883fc2e8e77614608d03aa695092
SSDEEP

768:GDa1o+6AemAO+xlWlNnwf2Nh49kv8E10FDW5FI84v3en/m6otAUezZ:GDCogClUwf2NhWkkEGqH/4vufo2Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53fcaa041ee55205baf4df43d71cc968_JaffaCakes118

Files

53fcaa041ee55205baf4df43d71cc968_JaffaCakes118
.sys windows:5 windows x86 arch:x86

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlUpcaseUnicodeString
IoBuildSynchronousFsdRequest
RtlCompareString
ExAllocatePool
RtlPrefixUnicodeString
RtlUpperString
IofCallDriver
KeClearEvent
ObGetObjectSecurity
MmMapLockedPages
VerSetConditionMask
PoUnregisterSystemState
KeSetEvent
IoVerifyPartitionTable
KeInitializeEvent
ZwDeleteValueKey
RtlInitString
MmBuildMdlForNonPagedPool
PoRequestPowerIrp
ZwSetInformationFile
ZwUnloadDriver
PoSetPowerState
ZwMakeTemporaryObject
PoStartNextPowerIrp
ZwEnumerateValueKey
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ZwFlushKey
IoSetPartitionInformationEx
ZwCancelTimer
PoCallDriver
ObfReferenceObject
ZwTerminateProcess
ZwDeleteKey
ZwOpenSection
ZwLoadDriver
ZwOpenKey
memset
memcpy

Exports

Exports

_CreateCompressedBuffer@0
_WriteCompressedBuffer@4

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88eaf18effd0ff18bac56f95d61871c1

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.ecode Size: 512B - Virtual size: 413B

.data Size: - Virtual size: 4B

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 230B

.text
Size: 3KB - Virtual size: 2KB

.ecode
Size: 512B - Virtual size: 413B

.data
Size: - Virtual size: 4B

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 230B