5ce790274b7507740e9983d2efe69c17_JaffaCakes118

General

Target

5ce790274b7507740e9983d2efe69c17_JaffaCakes118
Size

12KB
MD5

5ce790274b7507740e9983d2efe69c17
SHA1

592ec8fd148214b395db60d3bc1f553c7c841f27
SHA256

2fb2b9c91ed2da4a80190f15d0b62bd5c0c1708dbcac52f7b4b8b0f5fb43cd17
SHA512

4bfb5b1620cf182c7d5ce704e410a4fbc2943a3402f67447f5c1088e40a1d242ad54c07cf66efec4825236aed3f5881fe7f9b28b0119e38ee1a19a222025cde7
SSDEEP

192:s7b/QDpJLdG3p5dQYagFc7NggON2s2IJF/C1x41B:s78DpJLdQpKX75ON7HJF/CP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ce790274b7507740e9983d2efe69c17_JaffaCakes118

Files

5ce790274b7507740e9983d2efe69c17_JaffaCakes118
.sys windows:6 windows x86 arch:x86

1f27537588495f79f323114bb6f73ab1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\drvdev\works\portless\portless\objfre_wxp_x86\i386\PortLess.pdb

Imports

ntoskrnl.exe

memset
IoDriverObjectType
ZwClose
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenDirectoryObject
RtlInitUnicodeString
NtBuildNumber
IoDeviceObjectType
NtDeviceIoControlFile
IoAttachDeviceByPointer
IoRaiseHardError
NtSetQuotaInformationFile
RtlUpcaseUnicodeChar
MmIsAddressValid
ExFreePoolWithTag
ExAllocatePoolWithTag
IoCreateDevice
KeTickCount
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
memcpy
_stricmp
strrchr
ZwQuerySystemInformation
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
KeBugCheckEx
IoDeleteDevice
IofCompleteRequest

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 343B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f27537588495f79f323114bb6f73ab1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 384B - Virtual size: 343B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 592B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 384B - Virtual size: 343B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 592B