526277dc2abb036ec5f85150fadb0c29_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

526277dc2abb036ec5f85150fadb0c29_JaffaCakes118
Size

42KB
MD5

526277dc2abb036ec5f85150fadb0c29
SHA1

eb2e0e5b9f2c1092ac962e827287195fd5714eb1
SHA256

7745c9b5f9a8e0dc1ba2309e730554524cca3bc2470d1077652d7f7d8b985f59
SHA512

2aa512494347b0d2827dab47229eb34d83eb0312bf9e9be0f0fbc0881ce056501a3af061297a656c5a21198cfa408e2ec9303bf978ef4c0f4aa95037008455c9
SSDEEP

768:ZQfN77x9bqKE3QJaSqMNlSWlJ2FyThGWKDxeWjXy5yQLO3EzJ4pOw9F2JFaatHCo:2tlbs2aRbIxLz2v2fRit9EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526277dc2abb036ec5f85150fadb0c29_JaffaCakes118

Files

526277dc2abb036ec5f85150fadb0c29_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
sprintf
ExAcquireResourceSharedLite
ExReleaseResourceLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
PsGetCurrentProcessId
strncpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
vsprintf
KeLeaveCriticalRegion
ZwCreateFile
RtlInitUnicodeString
IoQueryVolumeInformation
IoAttachDeviceByPointer
ExInterlockedPushEntrySList
KeQuerySystemTime
ExInterlockedPopEntrySList
ProbeForWrite
KeClearEvent
_except_handler3
IoDeleteDevice
IoDetachDevice
ExQueueWorkItem
IofCompleteRequest
strstr
MmMapLockedPages
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
InterlockedIncrement
ExAllocatePoolWithTag
ExFreePool
ZwClose
ObReferenceObjectByHandle
_strlwr

hal

KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9038267dffe5d0d2eb21c81354dee3f8

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB