b728f00f03a3cde7d2be10ab94a1bc33_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b728f00f03a3cde7d2be10ab94a1bc33_JaffaCakes118
Size

23KB
MD5

b728f00f03a3cde7d2be10ab94a1bc33
SHA1

867adf9d453b265a97a315c704a75e94dad1d4fc
SHA256

ed4d2eeec11cbe0bb1d64f22dd402589c8d5c6c4ebf41917c476b95fbce93469
SHA512

d304ce31810d82e716a56a13db023f3aaa654abe0af064c239ba2d9d55a569235ddeea25cd9b7910a5d2a245e374dd92246b2f4e98ce1c88fa5bc2191a46b21e
SSDEEP

384:wcuGVm0R2Q0HRrR9joANqDEvUZW2MPxwWrg:w4mRQ0HJlqDEvF2MPJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b728f00f03a3cde7d2be10ab94a1bc33_JaffaCakes118

Files

b728f00f03a3cde7d2be10ab94a1bc33_JaffaCakes118
.sys windows:6 windows x86 arch:x86

f714a594bf60dd6622c86a445efa7e6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hacklab\win\drivers\h105d\objfre_wxp_x86\i386\h105d.pdb

Imports

ntoskrnl.exe

ZwOpenKey
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
ZwCreateEvent
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ZwQueryVolumeInformationFile
ExFreePoolWithTag
ExAllocatePool
ZwOpenFile
PsCreateSystemThread
NtQueryDirectoryFile
NtVdmControl
ZwWriteFile
ZwCreateFile
RtlCompareUnicodeString
KeServiceDescriptorTable
NtQuerySystemInformation
NtCreateFile
RtlCopyUnicodeString
NtDeleteFile
NtOpenFile
ObfDereferenceObject
ObReferenceObjectByHandle
strncmp
ZwCreateKey
strncpy
PsGetProcessImageFileName
IoGetCurrentProcess
NtMapViewOfSection
PsGetVersion
ZwQuerySystemInformation
PsLookupProcessByProcessId
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
memcpy
MmIsAddressValid
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
memset
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupThreadByThreadId
ZwReadFile
ZwQueryValueKey
ZwQueryInformationFile
KeTickCount
KeBugCheckEx
ZwClose
_strlwr
ZwWaitForSingleObject
RtlUnwind

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f714a594bf60dd6622c86a445efa7e6e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1010B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1010B