83dbf3db09872add9372da5f8aad67f6_JaffaCakes118

General

Target

83dbf3db09872add9372da5f8aad67f6_JaffaCakes118
Size

18KB
MD5

83dbf3db09872add9372da5f8aad67f6
SHA1

3b37b0badde387efbd46be87d096bf2a9b0f77a0
SHA256

3a2994de378dd3e30e9b099aa98171fe66e157b0dac2daff083f5e42ea854364
SHA512

6b43c65694632ef283497003ad9dd12ec0f9cb6a39792a0ab84b2584dcd185e37d07049e2d7eba946797cf02ca0a81619aab31f17aaf13679d34764641924d5e
SSDEEP

192:/UzPfjssk/DgD82ON9bL4Nd/SxCfT5Jd7/FV2Cleuznp6Qb3c8ogDnp2sswVg1:SfArgD+N9QfSxwT9W+euwQ48hN2og

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83dbf3db09872add9372da5f8aad67f6_JaffaCakes118

Files

83dbf3db09872add9372da5f8aad67f6_JaffaCakes118
.sys windows:5 windows x86 arch:x86

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sOFT\sMR\会员版\pCHIDE\OBJCHK\I386\sadfedgergreg.PDB

Imports

ntoskrnl.exe

sprintf
_strupr
ExFreePoolWithTag
ExAllocatePoolWithTag
wcscpy
wcscmp
wcslen
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwEnumerateKey
ZwOpenKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
IofCompleteRequest
ObReferenceObjectByHandle
ObfDereferenceObject
ObQueryNameString
RtlInitAnsiString
ZwClose
ZwSetValueKey
swprintf
strchr
wcsncmp
RtlAssert

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e6d6e2f816818a11578bed690bd7fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 968B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 896B - Virtual size: 820B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 968B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 896B - Virtual size: 820B