b1981a7b1cfa8165f5a88712a1fc88cd_JaffaCakes118

General

Target

b1981a7b1cfa8165f5a88712a1fc88cd_JaffaCakes118
Size

13KB
MD5

b1981a7b1cfa8165f5a88712a1fc88cd
SHA1

d7badc70b01cf41a022b438b13ad73465418d550
SHA256

931bbfddc36208fee97419596511960807a8ae2f73f252a5e9e232f32238e3bb
SHA512

3ea1384850fab387f885f993899e4deed273dd828ab850c5817b4360bb4412420b7ab6882cb144ece67289f8fe6cbbfa33a62264caa6d41c66c4749f31f5f00b
SSDEEP

192:CFXQA63nHyzsQ3buG+XxpUM8VE69NXIrwEDgS0a:CFXL63ysQ36hBp18OACwQgS0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1981a7b1cfa8165f5a88712a1fc88cd_JaffaCakes118

Files

b1981a7b1cfa8165f5a88712a1fc88cd_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e70b9294fa3288e6131db810d9ffdb21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\new_dog\__sun\sys\objfre_w2K_x86\i386\hook.pdb

Imports

ntoskrnl.exe

IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
KeInitializeSpinLock
MmMapLockedPages
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeIrp
KeSetEvent
_wcsicmp
MmIsAddressValid
ZwClose
ZwReadFile
ZwQueryInformationFile
IoCreateFile
ZwCreateFile
RtlInitUnicodeString
ZwQuerySystemInformation
IoDriverObjectType
KeWaitForSingleObject
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
ObReferenceObjectByHandle
IoFileObjectType
RtlCompareUnicodeString
ObfReferenceObject
_allmul
ZwSetInformationFile
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
_stricmp
ObReferenceObjectByName
ExFreePool

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e70b9294fa3288e6131db810d9ffdb21

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 256B - Virtual size: 204B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 614B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 256B - Virtual size: 204B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 614B