27b8dacde834e08a31eb617a63f1b045_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27b8dacde834e08a31eb617a63f1b045_JaffaCakes118
Size

22KB
MD5

27b8dacde834e08a31eb617a63f1b045
SHA1

4cd99ae4a7baa4ac696526d43ee3f321bc69de52
SHA256

934fa8aa289d91cdd21d9190ff393149eb0d5365359d878239d2f90e3b1f8fcb
SHA512

2c2f039e2cc87dee427914b12a75f64ce7c624be108b8e505690ccfd8c880da66d952a04a41f38203f841452adf2f6db3f72e015bfe0324e87f9b37c2ac48d96
SSDEEP

384:Hoyf66cqKYh6z53XPGMetzwMVEaTW+8YIwWJDAkwlW+8YIwW:HoyCqKK61PGMeNwMVeYmDnwoY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b8dacde834e08a31eb617a63f1b045_JaffaCakes118

Files

27b8dacde834e08a31eb617a63f1b045_JaffaCakes118
.sys windows:5 windows x86 arch:x86

fee2a04892d6c54fa6001f1dede0ad0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tdi.pdb

Imports

ntoskrnl.exe

RtlExtendedMagicDivide
KeTickCount
KeWaitForSingleObject
KeGetCurrentThread
KeSetEvent
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitString
IoWriteErrorLogEntry
memmove
IoAllocateErrorLogEntry
MmAllocateMappingAddress
MmFreeMappingAddress
_except_handler3
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
MmUnmapLockedPages
MmUnmapReservedMapping
MmMapLockedPagesWithReservedMapping
RtlExtendedIntegerMultiply
KefAcquireSpinLockAtDpcLevel
NtCreateFile
ExFreePoolWithTag
wcslen
_wcsicmp
wcscpy
_wcsnicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCompareUnicodeString
DbgPrint
DbgBreakPoint
KeInitializeEvent
RtlGetCallersAddress
RtlCopyUnicodeString
KeBugCheckEx
KeSetTimer
KeInitializeDpc
KeInitializeTimer
ExQueueWorkItem
KeQueryTimeIncrement
IoBuildPartialMdl
KeInitializeSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisRegisterTdiCallBack
NdisDeregisterTdiCallBack
NdisReturnPackets

Exports

Exports

CTEAllocateString
CTEBlock
CTEBlockWithTracker
CTEInitEvent
CTEInitString
CTEInitTimer
CTEInitialize
CTEInsertBlockTracker
CTELogEvent
CTERemoveBlockTracker
CTEScheduleCriticalEvent
CTEScheduleDelayedEvent
CTEScheduleEvent
CTESignal
CTEStartTimer
CTESystemUpTime
DllInitialize
DllUnload
TdiBuildNetbiosAddress
TdiBuildNetbiosAddressEa
TdiCopyBufferToMdl
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
TdiCopyMdlChainToMdlChain
TdiCopyMdlToBuffer
TdiDefaultChainedRcvDatagramHandler
TdiDefaultChainedRcvExpeditedHandler
TdiDefaultChainedReceiveHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultRcvDatagramHandler
TdiDefaultRcvExpeditedHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiDeregisterAddressChangeHandler
TdiDeregisterDeviceObject
TdiDeregisterNetAddress
TdiDeregisterNotificationHandler
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiEnumerateAddresses
TdiInitialize
TdiMapUserRequest
TdiMatchPdoWithChainedReceiveContext
TdiOpenNetbiosAddress
TdiPnPPowerComplete
TdiPnPPowerRequest
TdiProviderReady
TdiRegisterAddressChangeHandler
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiRegisterNotificationHandler
TdiRegisterPnPHandlers
TdiRegisterProvider
TdiReturnChainedReceives

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inxa
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fee2a04892d6c54fa6001f1dede0ad0e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 640B - Virtual size: 564B

.data Size: 512B - Virtual size: 492B

PAGE Size: 256B - Virtual size: 245B

.edata Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.inxa Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 768B - Virtual size: 706B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 640B - Virtual size: 564B

.data
Size: 512B - Virtual size: 492B

PAGE
Size: 256B - Virtual size: 245B

.edata
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.inxa
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 768B - Virtual size: 706B