46f2389fc86d82f0c8bdc6529421a688_JaffaCakes118

General

Target

46f2389fc86d82f0c8bdc6529421a688_JaffaCakes118
Size

63KB
MD5

46f2389fc86d82f0c8bdc6529421a688
SHA1

ef16da0311fd395f1bdb1dc11ad3a85d63ab4aac
SHA256

6e7cf2452b0829e5b33e2c95c10442425c1612b1224665c151538b25b08a2080
SHA512

c148cfcbe7cef27f6bc509aa9c3c7f0d2cad0ae63eb8657e79f24e947843c22851fcefe1e8eb160f357e62f9728551e727c9dc3a899c333e28bc8048174c3165
SSDEEP

384:iDReNJWlNPMGbZD6Gojx6bAhW3caLbg0Q3tj1SV2lWPHbQQkAg4L6DAOKnhxid+1:dNAluGbVtoj4t6ayVqS1eSFJv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46f2389fc86d82f0c8bdc6529421a688_JaffaCakes118

Files

46f2389fc86d82f0c8bdc6529421a688_JaffaCakes118
.sys windows:5 windows x86 arch:x86

55bd123c63470ed5f5b4c8a3501faaae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\works\kernelbots_up18\driver\bypass\bypass\i386\bypass.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
KeServiceDescriptorTable
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
_strnicmp
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
strncmp
IoGetCurrentProcess
IoDeleteDevice
RtlInitUnicodeString
IofCompleteRequest
MmUserProbeAddress
NtBuildNumber
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55bd123c63470ed5f5b4c8a3501faaae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 49KB - Virtual size: 49KB

INIT Size: 1024B - Virtual size: 868B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 49KB - Virtual size: 49KB

INIT
Size: 1024B - Virtual size: 868B

.reloc
Size: 3KB - Virtual size: 3KB