fa143bd44a6d3b8724b83c23ee818c7c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa143bd44a6d3b8724b83c23ee818c7c_JaffaCakes118
Size

28KB
MD5

fa143bd44a6d3b8724b83c23ee818c7c
SHA1

d2a65b7dab5868a6e3afd096bfd48409d5f354a3
SHA256

7b9d6f3598355213782003376121ef50bbaeb3daf8292372c4acbc5569c2d1e7
SHA512

702c0fcd94cb8eecc696fe15186eb9db8851ddf634358d43fa2c42b3498d25c4f65beb9d570617005ec5cbd31d1821ab0c0ade24b8058bfb45f455b4c2356834
SSDEEP

384:YjfnodxlKYXQNb928jIjxVzXtL1Cq+XrgnhHhVkxUw5e1f9tGyUEp5Mz5TP0:5VO88jAVB4mhVkza9J3SRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa143bd44a6d3b8724b83c23ee818c7c_JaffaCakes118

Files

fa143bd44a6d3b8724b83c23ee818c7c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\TechDept\DesktopMedia\client\ADDRV_New\Bdguard_sys\XPRelease\Bdguardxp.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
memcpy
memset
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
strchr
_strnicmp
_stricmp
_snprintf
wcscpy
MmIsAddressValid
PsGetCurrentProcessId
PsGetCurrentThreadId
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExReleaseResourceLite
_snwprintf
ZwQueryInformationFile
ZwQueryValueKey
ZwOpenKey
ZwDeleteValueKey
strncmp
strlen
IoGetCurrentProcess
IoDetachDevice
MmGetSystemRoutineAddress
ExDeleteNPagedLookasideList
InterlockedPushEntrySList
ExGetPreviousMode
wcsncpy
IoAttachDeviceToDeviceStack
ExQueueWorkItem
KeSetEvent
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObQueryNameString
ObfReferenceObject
KeDelayExecutionThread
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
ZwReadFile
strncpy
strrchr
ZwEnumerateValueKey
ZwSetValueKey
ZwEnumerateKey
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
RtlAnsiStringToUnicodeString
RtlAppendStringToString
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoFreeIrp
wcscat
KeGetCurrentThread
IoAllocateIrp
memmove
ZwTerminateProcess
KeServiceDescriptorTable
ZwDeleteKey
RtlInitUnicodeString
IoDeleteSymbolicLink
InterlockedPopEntrySList
IoDeleteDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB