88954bea8fa6578ef320ed8b3f4e9c1e_JaffaCakes118

General

Target

88954bea8fa6578ef320ed8b3f4e9c1e_JaffaCakes118
Size

11KB
MD5

88954bea8fa6578ef320ed8b3f4e9c1e
SHA1

362c8993f2859c451d66a976986e4f71c0b9209e
SHA256

aed50c772a7bb08fd2e56254339b737298d03f5a4acf7ab32a4b7ec842ad0eab
SHA512

38ec39ea1ed8bccf4aef6166df05398ca4c7702d79838188bee993b84f9244fff76875264161e281674119b7edfdadf8209b0965ecb99da702be688dc60409f4
SSDEEP

192:hDnK/nEDiupVEtUT+90Y/HjApgxDl+IQSzro8tGdm:9wnC57dTs/D+u5TQd8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88954bea8fa6578ef320ed8b3f4e9c1e_JaffaCakes118

Files

88954bea8fa6578ef320ed8b3f4e9c1e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

63b1f34969b362c818ca03d6673e2e08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Developement\TwProject\TdiUpdate2k\TdiTransfer\objfre\i386\TdiUpdate.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
strncpy
KeServiceDescriptorTable
DbgPrint
ZwEnumerateValueKey
NtQueryDirectoryFile
ZwEnumerateKey
NtDeviceIoControlFile
ZwClose
RtlInitUnicodeString
memset
ExFreePoolWithTag
ObReferenceObjectByHandle
ObfDereferenceObject
KeReleaseMutex
KeWaitForSingleObject
wcsncmp
KeDelayExecutionThread
KeSetEvent
PsTerminateSystemThread
KeClearEvent
PsCreateSystemThread
KeInitializeEvent
IoCreateDevice
memcpy
RtlCompareMemory
IoFreeIrp
IofCallDriver
IoAllocateIrp
IoGetRelatedDeviceObject
KeResetEvent
ZwCreateFile
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
MmUnlockPages
IoDeleteSymbolicLink
IoCreateSymbolicLink
RtlAppendUnicodeToString
KeInitializeMutex
KeInitializeSpinLock
IofCompleteRequest
ExAllocatePoolWithTag
IoDeleteDevice

hal

KeGetCurrentIrql

ndis.sys

NdisFreeMemory
NdisAllocateMemory

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63b1f34969b362c818ca03d6673e2e08

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 930B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 930B