a06bec3c573ca6489d817fffd5296652_JaffaCakes118

General

Target

a06bec3c573ca6489d817fffd5296652_JaffaCakes118
Size

28KB
MD5

a06bec3c573ca6489d817fffd5296652
SHA1

fd410790b4f5bf978b710b96b35c5ec9eee7deea
SHA256

9e0381ee046530ab7d59127df7be18f32aaa0debe8294758b4e0fb84c9916ab7
SHA512

4b64dcbc5fe9a54ed48da3eac250c4d2ceed33de3d84a62c019c1033f12b4441ecc88bd6daaba5eb416ddf7dec6474dfbed171334ef918baa3e370076962e02a
SSDEEP

384:FzTbYDlQEgKZhzM5jM/DEUHGEASqpLehoy5+k3vUBB:FClQEXWCDEUmrWznfUBB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a06bec3c573ca6489d817fffd5296652_JaffaCakes118

Files

a06bec3c573ca6489d817fffd5296652_JaffaCakes118
.sys windows:6 windows x86 arch:x86

5c4e6755893a02d3d3f93fa0c329d112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hacklab\win\drivers\h105d\objfre_wxp_x86\i386\h105d.pdb

Imports

ntoskrnl.exe

ZwOpenKey
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
NtQueryDirectoryFile
NtVdmControl
ZwWriteFile
ZwCreateFile
RtlCompareUnicodeString
KeServiceDescriptorTable
ExFreePoolWithTag
ExAllocatePool
NtQuerySystemInformation
NtCreateFile
RtlCopyUnicodeString
NtDeleteFile
NtOpenFile
ObfDereferenceObject
ObReferenceObjectByHandle
strncmp
_strlwr
strncpy
ZwCreateKey
IoGetCurrentProcess
NtMapViewOfSection
PsGetVersion
ZwQuerySystemInformation
PsLookupProcessByProcessId
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
memcpy
MmIsAddressValid
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
memset
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupThreadByThreadId
ZwReadFile
ZwQueryValueKey
ZwQueryInformationFile
KeTickCount
KeBugCheckEx
ZwClose
PsGetProcessImageFileName
ZwWaitForSingleObject
RtlUnwind

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c4e6755893a02d3d3f93fa0c329d112

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 512B - Virtual size: 436B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 972B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 512B - Virtual size: 436B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 972B