4a07366882467a45daf8d963a718e35a_JaffaCakes118

General

Target

4a07366882467a45daf8d963a718e35a_JaffaCakes118
Size

12KB
MD5

4a07366882467a45daf8d963a718e35a
SHA1

d72562baaafe7543dea555f837a6b864d82b89c6
SHA256

8dfd8ff6f2c86122cdbd32c1f6186418c9da4d24acaf635cac87903300632942
SHA512

5872be3681a948de3dbcc7d78f8466cd48d50d2426cc1d0b809379205975aa9538f9d53cdc3f1676030fc227cdbebd257862346519c3dcb76b7fb4c3fd2f5d7e
SSDEEP

192:ZZ8qcPLja4ex5tZxvLFU5/iPUen1ptzptQgxZBHnUi2H+D+RpFwF:ZaPaLfvax1+TntNxZBHnUf+DKpFs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a07366882467a45daf8d963a718e35a_JaffaCakes118

Files

4a07366882467a45daf8d963a718e35a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

8371b73b93bf3d18277fa9f8bde0d8ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\dev\ircbot\src\blr\driver.pdb

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
strstr
ObfDereferenceObject
wcslen
ObQueryNameString
ObReferenceObjectByHandle
KeReleaseMutex
KeWaitForSingleObject
wcsncpy
IoGetCurrentProcess
KeServiceDescriptorTable
strncmp
PsLookupProcessByProcessId
ZwClose
wcsncat
wcscat
wcscpy
ZwDeleteValueKey
ExFreePoolWithTag
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwQueryDirectoryFile
ZwOpenFile
ZwCreateFile
ZwOpenThread
ZwOpenProcess
IofCompleteRequest
NtBuildNumber
KeInitializeMutex
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf
wcsncmp
ObOpenObjectByName
wcsstr
_except_handler3
RtlImageDirectoryEntryToData
ZwSetValueKey
ProbeForRead

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8371b73b93bf3d18277fa9f8bde0d8ea

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 384B - Virtual size: 373B

.data Size: 128B - Virtual size: 120B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 506B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 384B - Virtual size: 373B

.data
Size: 128B - Virtual size: 120B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 506B