2adf14706ac6ba6ee789a4638d638f4e_JaffaCakes118

General

Target

2adf14706ac6ba6ee789a4638d638f4e_JaffaCakes118
Size

14KB
MD5

2adf14706ac6ba6ee789a4638d638f4e
SHA1

345b9d6d5079a5249858b0b11b5c759647ad2db5
SHA256

163d431ddb93b2457b1f15f75ceff3443ff1aa4070d6ed809429e23f878e23cb
SHA512

559cc73b6e8309de19c1c549ff09bbd89274dc091e7e5a531f266efa08573a5a42e06d296da5eb171595e7870feac42940e79cfda5ad7dc380d2ba9b415933fc
SSDEEP

384:r4Xq0ESbL76oqoocbN0M6ivmTyE0/HiwoxA/o7UyHe9:r4X8dCN/mTyz/HiwoxAwVHe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2adf14706ac6ba6ee789a4638d638f4e_JaffaCakes118

Files

2adf14706ac6ba6ee789a4638d638f4e_JaffaCakes118
.sys windows:6 windows x86 arch:x86

b08abec462492a1cd2caad79f8613f3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\job\tdifil~2\tdi_drv\objfre_wlh_x86\i386\twfd.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
strncpy
ZwClose
ZwWriteFile
ZwQueryInformationFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
KeTickCount
IoDetachDevice
IoAttachDevice
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePoolWithTag
ExAllocatePool
MmMapLockedPages
memcpy
IoFreeMdl
IofCallDriver
MmProbeAndLockPages
MmCreateMdl
strstr
ExfInterlockedInsertTailList
_strlwr
KeBugCheckEx
IoDeleteDevice
memset
RtlInitUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 694B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b08abec462492a1cd2caad79f8613f3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 265B

.data Size: 512B - Virtual size: 972B

INIT Size: 1024B - Virtual size: 974B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 1024B - Virtual size: 694B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 265B

.data
Size: 512B - Virtual size: 972B

INIT
Size: 1024B - Virtual size: 974B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 1024B - Virtual size: 694B