af79c26449e8de4c4237f625c6b29454_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af79c26449e8de4c4237f625c6b29454_JaffaCakes118
Size

9KB
MD5

af79c26449e8de4c4237f625c6b29454
SHA1

662dbf3f44b0159d798f3c6fcd2e3ce96c9cfedc
SHA256

3431caee289eafbf89b1da56224babb441e7e2de7dd52212f37d3f0dc0c7115d
SHA512

a7efca9fc444b975d4f2df8762b0fc2e566152b2eadcc1dac546d6ece01cdcaeef75a458e2f1bda6b5ed494b6c10e5ca3f027b36d8d4836602eb589de5026c5f
SSDEEP

96:AQQSpRtDReBu27aUh51aUvcTx92ZV6/QnFVBgdWumjXW9Kc6D5EVJcFHF1qTR:aSVReB97aY1aknYWVqFCXS9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af79c26449e8de4c4237f625c6b29454_JaffaCakes118

Files

af79c26449e8de4c4237f625c6b29454_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7d4d79826411e88633def7fe60f856c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\KillProcess\objfre_wxp_x86\i386\pcidump.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
MmIsAddressValid
ObfDereferenceObject
strncmp
IoGetCurrentProcess
strncpy
_stricmp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
ZwClose
ObReferenceObjectByHandle
ZwCreateFile
IoDeleteDevice
IoFreeIrp
KeSetEvent
KeGetCurrentThread
IoAllocateIrp
IoGetRelatedDeviceObject
IoFileObjectType
PsCreateSystemThread
PsGetCurrentProcessId
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlCompareMemory
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ExFreePoolWithTag
KeServiceDescriptorTable
ZwQuerySystemInformation
IofCompleteRequest
IoCreateFile
_vsnwprintf

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfAcquireSpinLock

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d4d79826411e88633def7fe60f856c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 307B

.data Size: 256B - Virtual size: 176B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 588B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 307B

.data
Size: 256B - Virtual size: 176B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 588B