2bd7b82a7775cb305fab38a20a6f2bc0_JaffaCakes118

General

Target

2bd7b82a7775cb305fab38a20a6f2bc0_JaffaCakes118
Size

14KB
MD5

2bd7b82a7775cb305fab38a20a6f2bc0
SHA1

7377dc665d1702db92c61f518c97067665e99d46
SHA256

59bf77f4e142c65f7d2dc15c630dd9b613f9a48c0165f6cc8bab4729e8bdaeb7
SHA512

9962ed68d3027b06d81cd55c04033048c787e9d4e8be33cb40fa40dc282ab3a286e7d9a2e9f0d425d143c1698c42a107423b4835d38676de11a6f15358a6429b
SSDEEP

192:DsTghe+lNkqTzqu4UAQSN3vEx7kkfnETaP3rmuMQq0Hd3uEh7SA4D:PM+Iq/qLnZhvNTI3rVM70H4EhsD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bd7b82a7775cb305fab38a20a6f2bc0_JaffaCakes118

Files

2bd7b82a7775cb305fab38a20a6f2bc0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ddf9adbcfdc594986879acc8240af2f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\source\sysenter_hook\sysenter_hook\objchk_wnet_x86\i386\APR.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
DbgPrint
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwQuerySystemInformation
ZwOpenProcess
MmUserProbeAddress
KeInitializeDpc
ExAllocatePoolWithTag
KeNumberProcessors
KeInsertQueueDpc
KeSetTargetProcessorDpc
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
strncpy
PsGetCurrentProcessId
KeDelayExecutionThread
_aulldiv
ZwClose
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeTickCount
KeBugCheckEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddf9adbcfdc594986879acc8240af2f1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 372B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1024B - Virtual size: 946B

.reloc Size: 1024B - Virtual size: 902B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 372B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1024B - Virtual size: 946B

.reloc
Size: 1024B - Virtual size: 902B