93db3a3e09ab5dca68e2f2dca92f64c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

93db3a3e09ab5dca68e2f2dca92f64c3_JaffaCakes118
Size

11KB
MD5

93db3a3e09ab5dca68e2f2dca92f64c3
SHA1

f428e47f1ec6d195bbdee785e7059ab41bf17df9
SHA256

d09128e99dc7c6ece3ce3c91a99e719659bcd84e95234a6a2e385ce26f5e74a5
SHA512

7a2a2b695abb70faa821371f024982d5acb295c047be58b05258ec8d6997d8c64be45f530bf4f65caba9c1b85f8dbcd103c2075f865cee8afbac6891d1d33945
SSDEEP

192:97tVe+i4C/XPI/f5S+U9tiD697xt7dZUdo+GdYFgtJvS:9fJhCfI/f5t6xN7D+IDJvS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93db3a3e09ab5dca68e2f2dca92f64c3_JaffaCakes118

Files

93db3a3e09ab5dca68e2f2dca92f64c3_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7c5c61e9d9017c9147f053c01d833f94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\Crater\objfre_wxp_x86\i386\Crater.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IoCreateDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
ExFreePoolWithTag
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
DbgPrint
MmProbeAndLockPages
IoAllocateMdl
RtlCompareMemory
KeSetEvent
IoDeleteDevice
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateIrp
KeClearEvent
KeInitializeEvent
IoFreeWorkItem
MmIsAddressValid
IoQueueWorkItem
IoAllocateWorkItem
IoDetachDevice
IoWMIRegistrationControl
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
RtlInitUnicodeString
_except_handler3
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IofCompleteRequest
IofCallDriver
IoFreeIrp
IoReleaseRemoveLockEx

hal

KeGetCurrentIrql

wmilib.sys

WmiCompleteRequest
WmiSystemControl
WmiFireEvent

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c5c61e9d9017c9147f053c01d833f94

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 318B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 394B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 318B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 394B