b5ab66687d53914a65447aacc8fb3e88_JaffaCakes118

General

Target

b5ab66687d53914a65447aacc8fb3e88_JaffaCakes118
Size

15KB
MD5

b5ab66687d53914a65447aacc8fb3e88
SHA1

52324e5f75c8d7ba6a085cb92c84fd1f1042bb1e
SHA256

4ddfabe1b2f3ad0d60b795f7123db0006778800c038401ee780213f01bca1090
SHA512

4a33091d6d0f4cf3f3c699f669f3e6acb84ad3ccf622d6c867ae6348a9ecade23a179a0bc96b411ea498a0aae90fcd8cab9fd473a12bcdfaaa9b6073fc9aa02b
SSDEEP

384:MEyXdmAidN2YK9/CLhNvqEeAc1lUbIpZ:0XdjiX2HGnqaID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5ab66687d53914a65447aacc8fb3e88_JaffaCakes118

Files

b5ab66687d53914a65447aacc8fb3e88_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c125b5d918e92e45ee27e622ec116932

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\playsp_sys\objchk_wxp_x86\i386\PlaySP_sys.pdb

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
RtlAssert
IoAllocateIrp
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoCancelIrp
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
ZwClose
InterlockedPushEntrySList
IoGetDeviceObjectPointer
RtlInitUnicodeString
InterlockedPopEntrySList
ExFreePoolWithTag
ObReferenceObjectByHandle
ExInitializePagedLookasideList
ExAllocatePoolWithTag
DbgPrint
IoCreateSymbolicLink
PsCreateSystemThread
IoDeleteDevice
PsGetVersion
IoCreateDevice
RtlFreeUnicodeString
ZwSetValueKey
ZwOpenKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteSymbolicLink
ZwUnloadDriver
IofCompleteRequest
KeClearEvent
PsTerminateSystemThread
KeServiceDescriptorTable
ZwDeleteValueKey
KeTickCount
KeBugCheckEx
PsLookupThreadByThreadId
ZwCreateFile
ObfDereferenceObject

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c125b5d918e92e45ee27e622ec116932

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 452B

.data Size: 384B - Virtual size: 360B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 768B - Virtual size: 744B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 452B

.data
Size: 384B - Virtual size: 360B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 768B - Virtual size: 744B