29cb2add16080d5739c151ab51001ffd_JaffaCakes118

General

Target

29cb2add16080d5739c151ab51001ffd_JaffaCakes118
Size

16KB
MD5

29cb2add16080d5739c151ab51001ffd
SHA1

c3838a8c79cf7fa7903c632537611ba980d86f5b
SHA256

c616f85b7f43dc5180cd16627f75b6aeb3c5e61ec84ab69461ef356ec9391c24
SHA512

d3dc5df10f79f4e8d701b823ffe4c6ec4ad7016a3aaf62c3334e02aea353058f0d0082ff3169ab9b90bbfc87f5474733dad036aebea2f72152de6492d3e21dbe
SSDEEP

384:zX4a9JvSUBsG8xwDUkGOwa8uI/coZhREQKm:zo6JqlTntuI//EL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29cb2add16080d5739c151ab51001ffd_JaffaCakes118

Files

29cb2add16080d5739c151ab51001ffd_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3c84d47fbf9005069b353b7b1086e87d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\NewProjects\spambot\driver\objfre\i386\driver.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_wcsnicmp
ZwQuerySystemInformation
ExFreePoolWithTag
KeWaitForSingleObject
strncmp
IoGetCurrentProcess
strncpy
ZwClose
MmUnmapLockedPages
ZwOpenKey
wcsncpy
IofCompleteRequest
KeGetPreviousMode
MmBuildMdlForNonPagedPool
DbgPrint
_wcsicmp
KeServiceDescriptorTable
_stricmp
strchr
InterlockedPopEntrySList
InterlockedPushEntrySList
KeSetEvent
IoFreeIrp
IoFreeMdl
KeClearEvent
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
PsGetCurrentProcessId
KeInitializeSpinLock
ExInitializeNPagedLookasideList
ObfDereferenceObject
IoGetDeviceObjectPointer
ExDeleteNPagedLookasideList
_except_handler3
IoDeleteSymbolicLink
MmMapLockedPages
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c84d47fbf9005069b353b7b1086e87d

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 369B

.data Size: 768B - Virtual size: 648B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 650B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 369B

.data
Size: 768B - Virtual size: 648B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 650B