062a9053c40cb8e6c6f0ff2727723a52_JaffaCakes118

General

Target

062a9053c40cb8e6c6f0ff2727723a52_JaffaCakes118
Size

7KB
MD5

062a9053c40cb8e6c6f0ff2727723a52
SHA1

7a6cdeb8f4285cb51211908535240782df22832e
SHA256

c8f4de14894be28218506efe79571b1a71c181249e3ed991688381bdd51ee24d
SHA512

a22e50bc7d6ae04af5ae28d800a50085130ab6c4081257e5d1d8f35de1239991dacf054f4b5ad00a79afcf5fbf174feab1e116f88dcde197b1f9ce12256eda7e
SSDEEP

96:OnYz/nMQJ0fYJ6Kr/ys8l4aXlXEdpLz33VOfOGpFbgGGkCr0zpQhVdhAOhy:N/ntJ0wJ6W8VXE/Lz33Vunp1gGO0oZ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
062a9053c40cb8e6c6f0ff2727723a52_JaffaCakes118

Files

062a9053c40cb8e6c6f0ff2727723a52_JaffaCakes118
.sys windows:5 windows x86 arch:x86

43724fe4f4f293f85c321c336e5ca83f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\DLMon4.0\driver\obj\i386\TPLinks.pdb

Imports

ntoskrnl.exe

KeDetachProcess
RtlFreeUnicodeString
wcsstr
RtlUpcaseUnicodeString
ZwQueryInformationProcess
KeAttachProcess
IoGetCurrentProcess
_except_handler3
PsLookupProcessByProcessId
_wcsnicmp
wcslen
ZwQuerySystemInformation
_strnicmp
ExFreePool
ProbeForRead
MmHighestUserAddress
ZwQueryDirectoryFile
ZwClose
ZwEnumerateValueKey
InterlockedExchange
ZwEnumerateKey
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
ExAllocatePoolWithTag
ObfDereferenceObject
toupper

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 860B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43724fe4f4f293f85c321c336e5ca83f

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 256B - Virtual size: 220B

INIT Size: 896B - Virtual size: 860B

.rsrc Size: 896B - Virtual size: 800B

.reloc Size: 384B - Virtual size: 316B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 256B - Virtual size: 220B

INIT
Size: 896B - Virtual size: 860B

.rsrc
Size: 896B - Virtual size: 800B

.reloc
Size: 384B - Virtual size: 316B