864fe714ed5f8c425138d709126eab79_JaffaCakes118

General

Target

864fe714ed5f8c425138d709126eab79_JaffaCakes118
Size

30KB
MD5

864fe714ed5f8c425138d709126eab79
SHA1

0f77f076fee009277c82abffcec77bd0e5149bc4
SHA256

995315436d9840f1bb3d9bdd2ab684eddc1caae3eb0c5e0a792742d8b5d642c8
SHA512

6137f964ff747c857d162aa6c5ac74e5c687f10327521479fe2c08e763b255f136ac2908c55d28fee6ee746ad87c8c6858f55332e4c295e5bd98b693a8066246
SSDEEP

384:2AKb8U2H2TFKcUJk+QUs9iYoRZDb66MR8tDuWQjZc4P3PBgeBNfQvcdsJElgqSzZ:2rLjZKPk+QkrK6MKoWQWCeMW3Dk1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
864fe714ed5f8c425138d709126eab79_JaffaCakes118

Files

864fe714ed5f8c425138d709126eab79_JaffaCakes118
.sys windows:6 windows x86 arch:x86

7379fee964c68011ae0f979b979ee9cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\0soft_v03\loader\rootkit\v1.0\driver\objfre_wxp_x86\i386\drive4.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
NtBuildNumber
RtlInitUnicodeString
wcsncpy
memset
PsLookupProcessByProcessId
PsTerminateSystemThread
KeCancelTimer
KeWaitForSingleObject
KeSetTimerEx
KeInitializeTimerEx
IofCompleteRequest
ExFreePoolWithTag
ZwClose
ZwWriteFile
ZwCreateFile
ExAllocatePool
DbgPrint
_except_handler3
memcpy
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
ObfReferenceObject
ObfDereferenceObject
KeUnstackDetachProcess
MmUnmapLockedPages
KeStackAttachProcess
IoFreeMdl
IoDeleteDevice
KeInitializeApc
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
wcsncmp
ObOpenObjectByName
wcsstr
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
ExAllocatePoolWithTag
MmIsAddressValid
IoRegisterFsRegistrationChange
KeInitializeMutex
KeInsertQueueApc

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7379fee964c68011ae0f979b979ee9cb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 492B

.data Size: 21KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 492B

.data
Size: 21KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B