b8535c2ae26291dc1e1747119a6f66bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8535c2ae26291dc1e1747119a6f66bf_JaffaCakes118
Size

126KB
MD5

b8535c2ae26291dc1e1747119a6f66bf
SHA1

5d25761c332b7959d1dc4128a4d90b6186957268
SHA256

1bc8e1c8945a8e5af311fb9ae5235e968310fff2809b2da214987b4b7c87bde6
SHA512

18845fcb067f9b366266d73fd3f846bc944fd40414f9746ab16f772e208d4209876387dc68047a2454072b1be0ef71e64ef50fd20e2615ddab337a7d5ce1f661
SSDEEP

1536:ADDB/ihXu2Vbva50PZJG3xU8CBXV3etjE+oLaqjFq1H+coiAqUE28xhnLa:ADDBah/bC50ofCBF3etXqpqVwiAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8535c2ae26291dc1e1747119a6f66bf_JaffaCakes118

Files

b8535c2ae26291dc1e1747119a6f66bf_JaffaCakes118
.sys windows:5 windows x86 arch:x86

992df146af23236ced650606067a1ae0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\darkspy\objfre_wnet_x86\i386\DarkSpyKernel.pdb

Imports

ntoskrnl.exe

PsGetVersion
MmGetSystemRoutineAddress
ZwSetValueKey
ExConvertExclusiveToSharedLite
SeDeassignSecurity
ZwClose
RtlInitAnsiString
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoCreateSymbolicLink
IoCreateDevice
_alldiv
PsLookupProcessByProcessId
RtlFreeUnicodeString
ObfDereferenceObject
RtlCompareUnicodeString
ObQueryNameString
RtlAnsiStringToUnicodeString
ObReferenceObjectByHandle
ObOpenObjectByName
_stricmp
KeUnstackDetachProcess
wcscpy
KeStackAttachProcess
_except_handler3
ObOpenObjectByPointer
PsThreadType
KeGetCurrentThread
KeInsertQueueApc
KeInitializeApc
ZwTerminateProcess
wcscmp
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlCompareMemory
ZwOpenDirectoryObject
ZwCreateFile
_allmul
KeSetEvent
InterlockedIncrement
KeWaitForSingleObject
SeCreateAccessState
IoGetFileObjectGenericMapping
IoFreeIrp
ObCreateObject
IoFileObjectType
IoAllocateIrp
KeInitializeEvent
RtlEqualUnicodeString
IoBuildAsynchronousFsdRequest
MmProbeAndLockPages
IoAllocateMdl
IoFreeMdl
MmUnlockPages
ExAllocatePoolWithQuotaTag
wcslen
SeSetAccessStateGenericMapping
RtlMapGenericMask
KeInitializeSpinLock
ZwWaitForSingleObject
wcscat
InterlockedDecrement
ZwOpenKey
KeServiceDescriptorTable
IoCreateFile
IofCallDriver
IoBuildDeviceIoControlRequest
ObReferenceObjectByName
IoDriverObjectType
FsRtlGetFileSize
ZwReadFile
ZwOpenFile
RtlUpcaseUnicodeChar
KeBugCheckEx
strncmp
RtlQueryRegistryValues
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExFreePoolWithTag
ExDeleteNPagedLookasideList
strncpy
PsLookupThreadByThreadId
NtBuildNumber
NtClose
NtReadFile
ZwQueryInformationFile
NtOpenFile
_snwprintf
RtlAppendUnicodeToString
KdDisableDebugger
KdDebuggerEnabled
IoStartTimer
IoInitializeTimer
IoGetDeviceObjectPointer
MmSystemRangeStart
swprintf
RtlCompareString
RtlInitString
ZwMapViewOfSection
ZwCreateSection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlAppendUnicodeStringToString
KeTickCount
KeSetAffinityThread
KeDelayExecutionThread
InterlockedExchange
ExFreePool
RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
IoGetCurrentProcess
MmIsAddressValid
IofCompleteRequest

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
HalSetBusData
HalReadDmaCounter
HalSetBusDataByOffset
HalInitializeProcessor

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bssB
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

992df146af23236ced650606067a1ae0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 47KB - Virtual size: 81KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 6KB - Virtual size: 6KB

.bssB Size: 11KB - Virtual size: 11KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 47KB - Virtual size: 81KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 6KB - Virtual size: 6KB

.bssB
Size: 11KB - Virtual size: 11KB