19bf8c444520c1707e8259a341068ef3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19bf8c444520c1707e8259a341068ef3_JaffaCakes118
Size

13KB
MD5

19bf8c444520c1707e8259a341068ef3
SHA1

179fec2bee1bbf5a8e916871f145a6ee3384b6d1
SHA256

f7057b2b8998356a69ffbf49855d4217c49a059e75a8879ff3df7dec55f9ee57
SHA512

aea17be0a2125a4e767125f59bd38ffda631b4a9f6162a3f8453787ecb38d0129a06273cf5cbb90062752e09db46060e9be452aa2d58f6444578b6f7ac18fbd6
SSDEEP

192:QW1HFZ6l+Bco16ZIG47zJlHQRvhh1F0rAowx2BRcaW3I9GGDolNkjb5UZ+:Q6Fe+B5fJSRJhf0U52caW3HNlNkH55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19bf8c444520c1707e8259a341068ef3_JaffaCakes118

Files

19bf8c444520c1707e8259a341068ef3_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6bdbb2df1e73dd5a7c7165882d0edba3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\флэш\soft\podmena_driver\HostsDrv\mkdrv.pdb

Imports

ntoskrnl.exe

_stricmp
strncpy
strchr
ZwReadFile
ZwQueryInformationFile
NtCreateFile
RtlInitUnicodeString
swprintf
RtlWriteRegistryValue
RtlQueryRegistryValues
ZwSetInformationFile
ZwCreateFile
ZwWriteFile
ZwDeleteFile
PsTerminateSystemThread
KeCancelTimer
KeWaitForSingleObject
KeSetTimerEx
KeInitializeTimerEx
PsCreateSystemThread
KeSetPriorityThread
KeGetCurrentThread
NtQueryDirectoryFile
NtQuerySystemInformation
NtOpenFile
strncmp
IoGetCurrentProcess
ZwClose
IoCreateDevice
IoGetDeviceObjectPointer
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IofCallDriver
IofCompleteRequest
ExReleaseFastMutexUnsafe
IoCreateSymbolicLink
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
KeInitializeEvent
ProbeForRead
_wcsicmp
wcsrchr
ZwOpenFile
wcslen
RtlCompareUnicodeString
ObQueryNameString
ObReferenceObjectByHandle
ZwOpenKey
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_except_handler3
ExFreePoolWithTag
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStack
ZwQuerySystemInformation

hal

KfLowerIrql
KfAcquireSpinLock
KfRaiseIrql

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 768B - Virtual size: 753B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bdbb2df1e73dd5a7c7165882d0edba3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 640B - Virtual size: 631B

.data Size: 640B - Virtual size: 520B

PAGE Size: 768B - Virtual size: 753B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 746B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 640B - Virtual size: 631B

.data
Size: 640B - Virtual size: 520B

PAGE
Size: 768B - Virtual size: 753B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 746B