31f8520c16cf9c94f945771b7849ef6d_JaffaCakes118

General

Target

31f8520c16cf9c94f945771b7849ef6d_JaffaCakes118
Size

8KB
MD5

31f8520c16cf9c94f945771b7849ef6d
SHA1

9f1c0c72a43fa129031338bf9e1b4a206f0a35e0
SHA256

8096dcd9e079c516484f82aad81ae4ddc316c3d2f808bf4ed1e83049d438b822
SHA512

4ec94bdf31197de166ed82352ef87688abd8a769d82a595e132fd99836fd25c3fbf3d722dc191912b71cc8361cb93b6ca56f460bae82eb6aa8f0f7f6d1ae66d2
SSDEEP

192:66RYmoTbN4T84tZcpcrqoPl4UklH6aAYDZ9/5w9jG:QmoTbeTDXcFrt98

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31f8520c16cf9c94f945771b7849ef6d_JaffaCakes118

Files

31f8520c16cf9c94f945771b7849ef6d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

86abab95b9801bcfa59a4eefe47f100b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\1\TvPlus\Driver\objfre\i386\TvPlus.pdb

Imports

ntoskrnl.exe

wcslen
ZwCreateKey
ObfDereferenceObject
KeDetachProcess
ZwTerminateProcess
MmUnmapViewOfSection
PsLookupProcessByProcessId
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteDevice
RtlFreeUnicodeString
IoDetachDevice
IofCallDriver
IoSetDeviceInterfaceState
PoCallDriver
PoStartNextPowerIrp
KeSetEvent
InterlockedExchange
ZwClose
KeClearEvent
InterlockedIncrement
InterlockedDecrement
KeInitializeSpinLock
KeInitializeEvent
ExAllocatePoolWithTag
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoCreateDevice
IoIsWdmVersionAvailable
RtlCopyUnicodeString
_except_handler3
ExFreePool
RtlInitUnicodeString
KeWaitForSingleObject
MmGetSystemRoutineAddress

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86abab95b9801bcfa59a4eefe47f100b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 128B - Virtual size: 16B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 640B - Virtual size: 542B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 128B - Virtual size: 16B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 640B - Virtual size: 542B