44472deff589c3882542326dd180f680_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44472deff589c3882542326dd180f680_JaffaCakes118
Size

25KB
MD5

44472deff589c3882542326dd180f680
SHA1

b1b79a7e6495808056d2bfcdf60c9f4aed0cde93
SHA256

c1c32a5cfb48ce33ac4679e0b1bbfe108e9ba6e6be4f8d04dc2e00d2614cd3b1
SHA512

3fa2e77d6f221b735a61d9d6c12efd9a4c179215419831d8b269cccf4c9c9d4d36e0a371c8dd54c149f532e011305338fcb27592833066a0206f16791ca0080a
SSDEEP

384:7JWZ7WbSw7642HMcPLensX3pWBJnJyId7S18phRTXWheDv1:9E7S8UkZCZZd7SIzwej1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44472deff589c3882542326dd180f680_JaffaCakes118

Files

44472deff589c3882542326dd180f680_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3029778c17fa1767e2d887bfaec280c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cheate~3\dbkker~1\objfre_w2K_x86\i386\dbk32.pdb

Imports

ntoskrnl.exe

KeInitializeApc
KeGetCurrentThread
ExAllocatePoolWithTag
ZwOpenProcess
IofCompleteRequest
KeDetachProcess
ZwAllocateVirtualMemory
KeAttachProcess
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ZwQuerySystemInformation
PsSetLoadImageNotifyRoutine
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
KeUnstackDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
ZwOpenThread
ObOpenObjectByPointer
KeInsertQueueApc
RtlInitUnicodeString
PsLookupProcessByProcessId
_except_handler3
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeSpinLock
KeClearEvent
IoCreateNotificationEvent
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ZwOpenKey
PsGetCurrentProcessId
RtlFreeAnsiString
RtlUpperString
RtlUnicodeStringToAnsiString
_local_unwind2
PsLookupThreadByThreadId
KeSetEvent
KeWaitForSingleObject
KeReleaseSemaphore
KeTickCount
KeBugCheckEx
KeDelayExecutionThread
ExFreePool
MmGetSystemRoutineAddress
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3029778c17fa1767e2d887bfaec280c8

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 896B - Virtual size: 772B

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 896B - Virtual size: 772B

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB