a20116e3020714dd90ac9187c1e65aac_JaffaCakes118

General

Target

a20116e3020714dd90ac9187c1e65aac_JaffaCakes118
Size

11KB
MD5

a20116e3020714dd90ac9187c1e65aac
SHA1

0365b7cbf2fa770da35853e7efcecbe5d5c7f2ca
SHA256

29615dc9b4f8889066500a51fb935c181e4c3db98ac3fb8ee3761132819a4170
SHA512

cb1dbe898f3c739b193aa639b0e986e02e68a894c433aa359123a3569cc8591db47948a75b02477e659303f977b7347aec918ce3b3ebbf2d527da5d5200a4c58
SSDEEP

192:5aAFPD4AhGxFuju6R5Phu1agBjKrkssnIORBDi2h+K7O4TzR8:5a241xFt6R5PI4gBekPvBDiI+VEzR8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a20116e3020714dd90ac9187c1e65aac_JaffaCakes118

Files

a20116e3020714dd90ac9187c1e65aac_JaffaCakes118
.sys windows:5 windows x86 arch:x86

db7deedca1d9da1273d53b58de8b72d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CDNCLIENT\V2.6\cdntran\sys\objfre\i386\cdntran.pdb

Imports

ntoskrnl.exe

strstr
sprintf
atoi
RtlCompareMemory
isupper
strchr
ExAllocatePoolWithTag
ZwQueryValueKey
ZwEnumerateKey
ExFreePool
ZwClose
ZwQueryKey
tolower
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
wcscat
wcscpy
MmMapLockedPagesSpecifyCache
wcslen
IofCompleteRequest
KeInitializeEvent
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
ExfInterlockedInsertTailList
IoGetDeviceObjectPointer
KeInitializeSpinLock
ExfInterlockedRemoveHeadList
wcschr
ZwOpenKey
strncmp
IoGetCurrentProcess
InterlockedExchange
RtlUnwind
MmIsAddressValid
ZwOpenFile

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 448B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 864B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db7deedca1d9da1273d53b58de8b72d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

tdi.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 448B - Virtual size: 448B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 864B - Virtual size: 860B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 448B - Virtual size: 448B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 864B - Virtual size: 860B