601b3f2466bfa6989b9c7586b5ba54aa_JaffaCakes118

General

Target

601b3f2466bfa6989b9c7586b5ba54aa_JaffaCakes118
Size

11KB
MD5

601b3f2466bfa6989b9c7586b5ba54aa
SHA1

454949e35bb28b8c2bf6b05dc27e8b30795a3ad6
SHA256

5c64b14604e6651b7e5ea01f8b580898c1726d944e33c71a35c194f3ab1429eb
SHA512

030c9a25ee3c00963ac44340fc7846a31666f285b82d738d94ac539a618d7e0909629d1d4d6aacd23b3700d6bd4a613ba0cca9eaa8fee491c9a03f5a021249f9
SSDEEP

192:xhxyrJKaKV97aY1aHfQcVcXsyGWSpSWw6mVYU65ReikT53APy:kLKifQcVxpSWIYU65Yi21A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
601b3f2466bfa6989b9c7586b5ba54aa_JaffaCakes118

Files

601b3f2466bfa6989b9c7586b5ba54aa_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3527ed62d5591c86b400f9ae565d6ee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DirectDiskForWin32\KillProcess\objfre_wxp_x86\i386\pcidump.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
ObfDereferenceObject
strncmp
IoGetCurrentProcess
strncpy
_stricmp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
ZwClose
ObReferenceObjectByHandle
ZwCreateFile
IoCreateFile
IoFreeIrp
KeSetEvent
IoDeleteDevice
KeGetCurrentThread
IoAllocateIrp
PsGetCurrentProcessId
ZwQueryInformationFile
ZwReadFile
ZwDeviceIoControlFile
RtlCompareMemory
PsCreateSystemThread
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
_except_handler3
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
_alldiv
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ExFreePoolWithTag
KeServiceDescriptorTable
ZwQuerySystemInformation
IofCompleteRequest
_vsnwprintf

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfAcquireSpinLock

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3527ed62d5591c86b400f9ae565d6ee0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 358B

.data Size: 256B - Virtual size: 208B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 884B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 358B

.data
Size: 256B - Virtual size: 208B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 884B