4c50c723230e1c5f1a17870a4eb15376_JaffaCakes118

General

Target

4c50c723230e1c5f1a17870a4eb15376_JaffaCakes118
Size

17KB
MD5

4c50c723230e1c5f1a17870a4eb15376
SHA1

524afca38fbca868321368ff834ec0507fd55e68
SHA256

c3eefcbb576fc4909b41ed3927c9c236c42110d3a9b094ec6015232f46a13695
SHA512

8b91ff4e1ca33aaa1892ecebf8c4d6c4f29c568993a691b8dc2481fa611ecbb6e0c66f8b7f94823f875cdd856b8c5028fd0dbf947bfc43815c7086ea2610b56b
SSDEEP

384:24Z0SrIEC+VmYdtCDizwkJGE3zLau26gwSwB:j0SrU+VLSDywknLf26io

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c50c723230e1c5f1a17870a4eb15376_JaffaCakes118

Files

4c50c723230e1c5f1a17870a4eb15376_JaffaCakes118
.sys windows:4 windows x86 arch:x86

270e9681d9487e647293615b36e01968

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

tdi.sys

TdiCopyMdlToBuffer

ntoskrnl.exe

MmCreateMdl
KeServiceDescriptorTable
IoDeleteDevice
IoCreateSymbolicLink
MmBuildMdlForNonPagedPool
IoCreateDevice
RtlInitUnicodeString
KeInitializeEvent
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoGetDeviceObjectPointer
IoDetachDevice
IofCompleteRequest
IoDeleteSymbolicLink
KeWaitForSingleObject
IofCallDriver
IoFreeIrp
IoFreeMdl
DbgPrint
MmProbeAndLockPages
IoAllocateMdl
IoBuildDeviceIoControlRequest
IoAllocateIrp
KeAttachProcess
ExFreePool
ObOpenObjectByPointer
MmMapLockedPages
PsInitialSystemProcess
ObReferenceObjectByHandle
strncpy
toupper
_wcsicmp
ZwQueryObject
_snprintf
wcslen
ObfDereferenceObject
ObQueryNameString
ZwClose
ZwOpenKey
PsGetCurrentProcessId
ZwEnumerateKey
ZwQueryKey
ZwEnumerateValueKey
memmove
ZwQuerySystemInformation
ZwTerminateProcess
ZwSetValueKey
InterlockedExchange
ZwCreateKey
RtlUnwind
RtlCompareMemory
ExAllocatePoolWithTag
KeSetEvent
KeDetachProcess

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

270e9681d9487e647293615b36e01968

Headers

File Characteristics

Imports

tdi.sys

ntoskrnl.exe

hal

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 256B - Virtual size: 256B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 256B - Virtual size: 256B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB