87e215e67c2f5786e7e7291ac1c6dc05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87e215e67c2f5786e7e7291ac1c6dc05_JaffaCakes118
Size

10KB
MD5

87e215e67c2f5786e7e7291ac1c6dc05
SHA1

f1e146553250c88781db685f7040ab446d31f89f
SHA256

ed0043f97340f99abb621dab1d9efd045fbcfe8e65afdc42ec40c2ffe25d740a
SHA512

fb3f0dfb463a53b79f690150fb85705b7483e74167919cacdb6a1c1ff990230a42030f6d8bc06ea8287d76cd0cfa677cf3e4f181c11a855c0bf9443c81a43c60
SSDEEP

192:LnPrXo1R4IscZaLLEjRkoVh4FPlR5ZQYfmkwio:3mR4pEaLLEjRFVct3ZQYfm3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e215e67c2f5786e7e7291ac1c6dc05_JaffaCakes118

Files

87e215e67c2f5786e7e7291ac1c6dc05_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9ae5c098447f545115ec9950579c1a08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WINDDK\2600.1106\src\F4IHook\objfre_wxp_x86\i386\APIFILTER_NT.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlCompareString
RtlInitAnsiString
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
ZwDeviceIoControlFile
ZwOpenKey
ZwEnumerateKey
ZwQuerySystemInformation
ZwQueryDirectoryFile
ZwCreateFile
KeServiceDescriptorTable
strncmp
IoGetCurrentProcess
strncpy
memmove
IofCompleteRequest
PsGetCurrentProcessId
wcslen
ProbeForRead
ExAllocatePoolWithTag
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ZwReadFile
ZwSetInformationFile
_alldiv
wcsrchr
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
IoReleaseRemoveLockAndWaitEx
ZwQueryInformationProcess
ObfDereferenceObject
IoGetDeviceObjectPointer
KeInitializeSpinLock
IoInitializeRemoveLockEx
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
RtlCompareUnicodeString
KeWaitForSingleObject
ExFreePoolWithTag

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ae5c098447f545115ec9950579c1a08

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 393B

.data Size: 128B - Virtual size: 100B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 896B - Virtual size: 816B

.reloc Size: 640B - Virtual size: 604B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 393B

.data
Size: 128B - Virtual size: 100B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 816B

.reloc
Size: 640B - Virtual size: 604B