8547f35c1a1387afb569bcaf40e8ff60_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8547f35c1a1387afb569bcaf40e8ff60_JaffaCakes118
Size

18KB
MD5

8547f35c1a1387afb569bcaf40e8ff60
SHA1

f46ce07838adfcb42684511e6fe947f183236f40
SHA256

0f17e9c923fa9f06b58e3011de50446a5570f6ef0c4d71b2bafe9066f7301aeb
SHA512

61a5296ab71d1948ec5f97caca75d009ff8cd9ccb82c239200e9a22e38de02c77a079ca847300d88ab41581d4067bf7919ea257d6f26b043fbc6a63982b52b6e
SSDEEP

384:1JQBHmSblDzB2aIErUEB7M1vxizttly2Rz12:1JQBHtblDzMaIErUsIZcly21

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8547f35c1a1387afb569bcaf40e8ff60_JaffaCakes118

Files

8547f35c1a1387afb569bcaf40e8ff60_JaffaCakes118
.sys windows:6 windows x86 arch:x86

9654f79c977dd8370105a9a8c8de35a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\extended-zwhook-sept-2010\zwhook-sr-dll-injection-nokillprocess-v2\objfre_wnet_x86\i386\comint32.pdb

Imports

ntoskrnl.exe

ZwWriteFile
ZwReadFile
ZwOpenFile
ExFreePoolWithTag
DbgPrint
IoCsqInitialize
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
memset
ExAllocatePoolWithTag
PsGetVersion
ZwClose
_snprintf
RtlInitUnicodeString
_snwprintf
wcschr
_vsnprintf
tolower
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
ZwQuerySystemInformation
IoGetCurrentProcess
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
ObfDereferenceObject
ZwQueryInformationProcess
ZwOpenProcess
strncpy
PsGetCurrentProcessId
ZwQueryInformationFile
strstr
ZwMapViewOfSection
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IofCompleteRequest
IoCsqInsertIrp
IoCsqRemoveNextIrp
KeTickCount
KeBugCheckEx
ZwDeleteFile
ZwSetInformationFile
MmUnmapLockedPages
IoFreeMdl

hal

KfAcquireSpinLock
KeQueryPerformanceCounter
KfReleaseSpinLock

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9654f79c977dd8370105a9a8c8de35a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 396B

.data Size: 512B - Virtual size: 1KB

PAGE Size: 512B - Virtual size: 228B

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 396B

.data
Size: 512B - Virtual size: 1KB

PAGE
Size: 512B - Virtual size: 228B

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB