3267a0c3c5da9145726c68bfeb906297_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3267a0c3c5da9145726c68bfeb906297_JaffaCakes118
Size

22KB
MD5

3267a0c3c5da9145726c68bfeb906297
SHA1

90784b4480d3c647ab6ea947fed7c9648f617458
SHA256

3f48c2d0d21d445a7915890cd4e592384de59cb4c5294ee17dc669284bd171a7
SHA512

5fcc13e513ee36599255b395cfbeff47ee0140cba7dd50ace4afc5406296ad4cdee2dc388ccc8981fe844cab4ccd6b878da05c10c6b5c7397988d8a3a3130686
SSDEEP

384:zwtfwids1uARNUiEaNZmp+hAu258kZeKs1JBz1kwPdGL5mp:zNids1uUO6kpBu258EeK07jzp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3267a0c3c5da9145726c68bfeb906297_JaffaCakes118

Files

3267a0c3c5da9145726c68bfeb906297_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

NIKEDRV.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
ExFreePool
IoSetDeviceInterfaceState
KeSetEvent
InterlockedDecrement
KeInitializeEvent
InterlockedIncrement
RtlQueryRegistryValues
memmove
wcslen
RtlFreeUnicodeString
KeInitializeSpinLock
IoCreateDevice
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
PoRequestPowerIrp
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoCancelIrp
IoBuildPartialMdl
IoIsWdmVersionAvailable

hal

KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
USBD_ParseConfigurationDescriptorEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qice
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6227215645f161a640b66cdac507f50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

usbd.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 318B

INIT Size: 1KB - Virtual size: 1KB

.qice Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 318B

INIT
Size: 1KB - Virtual size: 1KB

.qice
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 436B