5c02175de191a7fac64bbb77b62637c7_JaffaCakes118

General

Target

5c02175de191a7fac64bbb77b62637c7_JaffaCakes118
Size

27KB
MD5

5c02175de191a7fac64bbb77b62637c7
SHA1

8bf55bc52f698863a625f812225fc14e72015af1
SHA256

2e6d384d3bbaa6452cc6a61ba445bc5fa46046a5416a00861e39c751070d4e33
SHA512

7083dc6e9e72d88fa2aa3da537f266cd250c241b694e1618a646e271e056700701496659a53d3e364c99acc23b1bdeecaaa8a818933f317a4bf9595238e28b61
SSDEEP

768:4rvdTGog5IMfG9T98dAjDw2p15Cl+/8DAbHo:KTGP5I59T98QDnp15ClO8UbHo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c02175de191a7fac64bbb77b62637c7_JaffaCakes118

Files

5c02175de191a7fac64bbb77b62637c7_JaffaCakes118
.sys windows:6 windows x86 arch:x86

7f6b6082dd9b3560d403d1c64ac8a29a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\p\s\objfre_wxp_x86\i386\swe.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
swprintf
ObfDereferenceObject
IoDetachDevice
IofCallDriver
IoFreeMdl
memcpy
MmBuildMdlForNonPagedPool
IoBuildDeviceIoControlRequest
IoAllocateMdl
PsGetCurrentProcessId
ObReferenceObjectByHandle
IoDeleteDevice
IoReleaseCancelSpinLock
KeInitializeTimer
KeInitializeDpc
KeCancelTimer
KeRemoveQueueDpc
IoAllocateIrp
KeSetTimer
MmMapLockedPagesSpecifyCache
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
RtlInitUnicodeString
KeTickCount
KeBugCheckEx
_aullrem
ExFreePoolWithTag
memset
IoFreeIrp
ExAllocatePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f6b6082dd9b3560d403d1c64ac8a29a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

tdi.sys

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 384B - Virtual size: 263B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 776B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 384B - Virtual size: 263B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 776B

.reloc
Size: 1KB - Virtual size: 1KB