031a2b00dfa5dd3af476bdaa3a65d6eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

031a2b00dfa5dd3af476bdaa3a65d6eb_JaffaCakes118
Size

14KB
MD5

031a2b00dfa5dd3af476bdaa3a65d6eb
SHA1

cb0c8eb706aecd511853889b0a749a37bc01e8eb
SHA256

4d1f70375f5f7d15697275a6e203692d53a42a69744ad67478e0daa43fef3ba8
SHA512

8b94f4dd22bd08de91864f476fdd85bc57029c7af0b0604e1e8f0bd70823588b2c449bb4e4d85e361a8fb4f1a1e408eaf38ef1952a8c867a332b9bc3b93ac375
SSDEEP

192:FNuR60DJK6CVX9SSZjxMgsyLREJ+n2DRyopotNqn+EhOGh2iBKTkf:3GbJqXQAKGREJPRJpotNqX/h2iBKu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
031a2b00dfa5dd3af476bdaa3a65d6eb_JaffaCakes118

Files

031a2b00dfa5dd3af476bdaa3a65d6eb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4efb23e4c4dbeb9e8151112463898c0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\DLMon5\drv\obj\i386\RioDrvs.pdb

Imports

ntoskrnl.exe

PsLookupProcessByProcessId
_wcsnicmp
wcslen
ZwQuerySystemInformation
_strnicmp
ObfDereferenceObject
KeDetachProcess
ProbeForRead
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
_except_handler3
RtlFreeUnicodeString
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
strncmp
MmIsAddressValid
RtlInitUnicodeString
ZwQueryValueKey
ZwOpenKey
PsGetCurrentProcessId
wcsstr
RtlUpcaseUnicodeString
ExFreePool
ObQueryNameString
ObReferenceObjectByHandle
ZwReadFile
InterlockedExchange
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
ZwDeleteValueKey
ZwDeleteKey
ZwSaveKey
ZwQueryDirectoryFile
ZwEnumerateKey
ZwLoadDriver
ZwSetValueKey
PsTerminateSystemThread
ZwWaitForSingleObject
ZwNotifyChangeKey
ZwCreateKey
swprintf
ZwCreateEvent
PsCreateSystemThread
ZwSetEvent
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
RtlCompareUnicodeString
toupper

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4efb23e4c4dbeb9e8151112463898c0b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 932B

.data Size: 384B - Virtual size: 384B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 872B

.reloc Size: 1024B - Virtual size: 946B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 932B

.data
Size: 384B - Virtual size: 384B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 872B

.reloc
Size: 1024B - Virtual size: 946B