41fc05c359a1eda48586b28c79853aab_JaffaCakes118

General

Target

41fc05c359a1eda48586b28c79853aab_JaffaCakes118
Size

11KB
MD5

41fc05c359a1eda48586b28c79853aab
SHA1

0b1eec638c10bf194de2a1b2a0adc1c7b6e501cf
SHA256

54df194a94c4e7f60a78b50240376db071c8f99b925c0bfadc02769671a46a1d
SHA512

2abd6dc5d26947bcab7dac6485fcde7397ceba26dd458beba5af6be89ac952030e2d75113a511edbb997bc9ffc139338ad154cd21b220e0c3fba77eb6b386bce
SSDEEP

192:xhSyrJKaKV97aY1aHfQcVcXsyGWSpSWw6mCYU65RgikT53APy:rLKifQcVxpSW/YU65yi21A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41fc05c359a1eda48586b28c79853aab_JaffaCakes118

Files

41fc05c359a1eda48586b28c79853aab_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3527ed62d5591c86b400f9ae565d6ee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DirectDiskForWin32\KillProcess\objfre_wxp_x86\i386\pcidump.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
ObfDereferenceObject
strncmp
IoGetCurrentProcess
strncpy
_stricmp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
ZwClose
ObReferenceObjectByHandle
ZwCreateFile
IoCreateFile
IoFreeIrp
KeSetEvent
IoDeleteDevice
KeGetCurrentThread
IoAllocateIrp
PsGetCurrentProcessId
ZwQueryInformationFile
ZwReadFile
ZwDeviceIoControlFile
RtlCompareMemory
PsCreateSystemThread
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
_except_handler3
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
_alldiv
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ExFreePoolWithTag
KeServiceDescriptorTable
ZwQuerySystemInformation
IofCompleteRequest
_vsnwprintf

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfAcquireSpinLock

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3527ed62d5591c86b400f9ae565d6ee0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 358B

.data Size: 256B - Virtual size: 208B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 884B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 358B

.data
Size: 256B - Virtual size: 208B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 884B