8ad6acd7efcba2734afb61bb5e88c41e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ad6acd7efcba2734afb61bb5e88c41e_JaffaCakes118
Size

22KB
MD5

8ad6acd7efcba2734afb61bb5e88c41e
SHA1

93d882a4acd93fc4673fda2bfae9825de3259c39
SHA256

1b2188c7fe9c24d1d37ba02705be109e81226b44244987028f91c9c2a24749bf
SHA512

d263766742c9ab71bc3e84de77dcb4a966e773183d531499b99705b4130c37af4fbbcaac941fb3a446805b0e29c4b0a34667d1e6834f35e50efbd877e99eb06e
SSDEEP

384:h36R+rUAG4CZno6Tz5WZ6WY/JWwdpmovgy9woQ16UmyrnF9a1iuR8qB4QqFEQzzp:sxvZrw8/BpmoIy9ROuMLaT8q2QqFx8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ad6acd7efcba2734afb61bb5e88c41e_JaffaCakes118

Files

8ad6acd7efcba2734afb61bb5e88c41e_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ae7af65c91def368b78cf6daaa295831

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mskssrv.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ExFreePool
ExAllocatePoolWithTag
memmove
RtlCompareMemory
ObfDereferenceObject
ZwSetValueKey
ZwClose
ObReferenceObjectByHandle
IoFileObjectType
IoCreateFile
ZwQueryValueKey
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
IofCompleteRequest
KeTickCount
KeBugCheckEx

ks.sys

KsQueryDevicePnpObject
KsSetDevicePnpAndBaseObject
KsAllocateDeviceHeader
KsSynchronousIoControlDevice
KsCacheMedium
KsDereferenceSoftwareBusObject
KsAllocateObjectHeader
KsReferenceSoftwareBusObject
KsFreeObjectHeader
KsPropertyHandler
KsNullDriverUnload
KsSetMajorFunctionHandler
KsDefaultForwardIrp
KsDefaultDispatchPower
KsDefaultDispatchPnp

Sections

.text
Size: 384B - Virtual size: 362B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yglt
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae7af65c91def368b78cf6daaa295831

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ks.sys

Sections

.text Size: 384B - Virtual size: 362B

.data Size: 128B - Virtual size: 8B

PAGE Size: 3KB - Virtual size: 3KB

INIT Size: 1KB - Virtual size: 1KB

.yglt Size: 15KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 384B - Virtual size: 282B

.text
Size: 384B - Virtual size: 362B

.data
Size: 128B - Virtual size: 8B

PAGE
Size: 3KB - Virtual size: 3KB

INIT
Size: 1KB - Virtual size: 1KB

.yglt
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 384B - Virtual size: 282B