9662861528f7ea4a060b264eb14a7114_JaffaCakes118

General

Target

9662861528f7ea4a060b264eb14a7114_JaffaCakes118
Size

14KB
MD5

9662861528f7ea4a060b264eb14a7114
SHA1

b8a07fd3b26bd7ed5545be328ede801ea01074ca
SHA256

c861be86b9d493da497f4365ff5ffde531fa40a3f818990db65089759cf3802b
SHA512

b93741e54fe7c41a71cc1be0fda9efa8414e166cd50db4d0f794579900b911462c33d8e98736c8364909ca573d21de3d5996c05174d95b113467f9eaa95a185e
SSDEEP

192:Xj3AIEkn7fc0+mwCaSvCXFrQmlly9wqDZNHc+PMFERJ5:Xj3bEk7fcBPS42mTU1c+PMFERJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9662861528f7ea4a060b264eb14a7114_JaffaCakes118

Files

9662861528f7ea4a060b264eb14a7114_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0e76c132498e15b8a3413fc6231e2739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sun\sys\objfre_w2K_x86\i386\hook.pdb

Imports

ntoskrnl.exe

MmUnlockPages
MmUnmapLockedPages
KeInitializeSpinLock
MmMapLockedPages
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeIrp
KeSetEvent
ZwClose
ZwReadFile
ZwQueryInformationFile
IoCreateFile
ZwCreateFile
RtlInitUnicodeString
ObReferenceObjectByName
IoDriverObjectType
KeWaitForSingleObject
IoFreeMdl
KeInitializeEvent
IoAllocateIrp
ObReferenceObjectByHandle
IoFileObjectType
MmIsAddressValid
RtlCompareUnicodeString
ObfReferenceObject
_allmul
IoGetDeviceObjectPointer
ZwSetInformationFile
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
_wcsicmp
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ZwQuerySystemInformation
ExAllocatePoolWithTag
_stricmp
KeGetCurrentThread
ExFreePool

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e76c132498e15b8a3413fc6231e2739

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 256B - Virtual size: 208B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 654B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 256B - Virtual size: 208B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 654B