338fc566aecabf2276d3a4ccabbc83d9_JaffaCakes118

General

Target

338fc566aecabf2276d3a4ccabbc83d9_JaffaCakes118
Size

10KB
MD5

338fc566aecabf2276d3a4ccabbc83d9
SHA1

50dcc0385fb65bad35ca7736c35dab596963607d
SHA256

2dd9f4d8c7910941daecb3037b0179fc7d1d5f284cfbdc3b35d18d989a5c029f
SHA512

b6f3148cb9df9252be46d4d56d0f2c66ea126416721c6b1be6ce9d99aacb8d6731a32db85b8e049f7124b9c5a9ac5237cf714284ba8a0783d754779903479792
SSDEEP

192:Klwx5J5OMB65ZwdV90v+Pn3N7f0+p5SsyeNnZiG25MSc5VrRLTF:Klwx5J5OHZwdlNoQSsy4iG25MSc5BNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
338fc566aecabf2276d3a4ccabbc83d9_JaffaCakes118

Files

338fc566aecabf2276d3a4ccabbc83d9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

a780b11ead86d0fdadbb2eac5fbaba99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\a\objchk_wxp_x86\i386\flt_disk.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
IoGetConfigurationInformation
IoGetDeviceObjectPointer
IoFreeIrp
IoFreeMdl
MmUnlockPages
ExFreePool
IofCallDriver
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
RtlUnicodeStringToAnsiString
ExAllocatePoolWithTag
ZwClose
IoDeleteSymbolicLink
IofCompleteRequest
ExfInterlockedInsertTailList
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
ExfInterlockedRemoveHeadList
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
ZwMakeTemporaryObject
ZwCreateDirectoryObject
KeTickCount
RtlFreeAnsiString
KeInitializeEvent

hal

KeGetCurrentIrql
KeStallExecutionProcessor

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a780b11ead86d0fdadbb2eac5fbaba99

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 342B

.data Size: 128B - Virtual size: 46B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 422B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 342B

.data
Size: 128B - Virtual size: 46B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 422B