bd8b123c07d80ef65bbf7815dd25c91b_JaffaCakes118

General

Target

bd8b123c07d80ef65bbf7815dd25c91b_JaffaCakes118
Size

8KB
MD5

bd8b123c07d80ef65bbf7815dd25c91b
SHA1

f88b226ecad261034d0740ee17ca64ea13894958
SHA256

30d7ceadf8396562471f0760ee941cc6daa7b3a0ab5fdadb0cda0550073c497b
SHA512

940d299114583f3893e0a6ea08ee20a55bf73db3574689e475723c953e33446fb36c44d499f1d42f6f23d8ccd87909dcdf4a18652f0fc79bd21b2ecd4cb9f92b
SSDEEP

96:FaRnXKYWky6gv8gVFZ4F6H/zaaRAwWya/3cpP5f0pVelix7DpjdkzhKGN:MKYjBgVza0JpBf3l6UhKG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd8b123c07d80ef65bbf7815dd25c91b_JaffaCakes118

Files

bd8b123c07d80ef65bbf7815dd25c91b_JaffaCakes118
.sys windows:6 windows x86 arch:x86

7cfe82d70157e69fa88e2f6578d4898f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\docume~1\admini~1\mydocu~1\visual~1\projects\download\driver\objchk_wxp_x86\i386\Driver.pdb

Imports

ntoskrnl.exe

memchr
RtlInitString
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
KeGetCurrentThread
RtlFreeAnsiString
KeSetBasePriorityThread
ZwSetInformationThread
ObfDereferenceObject
PsCreateSystemThread
RtlUnicodeStringToAnsiString
ObReferenceObjectByPointer
ObReferenceObjectByHandle
RtlCompareString
strchr
KeServiceDescriptorTable
ZwOpenProcess
PsGetCurrentProcessId
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
IofCompleteRequest
ProbeForWrite
ProbeForRead
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
memcpy
strstr

hal

ExTryToAcquireFastMutex

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 387B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cfe82d70157e69fa88e2f6578d4898f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 387B

.data Size: 128B - Virtual size: 36B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 384B - Virtual size: 276B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 387B

.data
Size: 128B - Virtual size: 36B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 384B - Virtual size: 276B