bcf49282c64acfce9ba7074c48308455_JaffaCakes118

General

Target

bcf49282c64acfce9ba7074c48308455_JaffaCakes118
Size

30KB
MD5

bcf49282c64acfce9ba7074c48308455
SHA1

df0a5e8c816ed4f6c0e7787d3f3b5549c4aaff6a
SHA256

aa1ae418b20760a263a8cb92f5c7b6facad36baf9d1706c4f7d6ea7710800958
SHA512

a4b30cc086a092bbdf1a8603d5e5840d1cadd894745f97e289cd9908dad8c8c90e423f9d574c13576d834a518e1739c38e29e97b423e84717d8482e7822e0525
SSDEEP

384:WAKb8U2T2TFKcUJk+QUs9iYoRZDb66MR8tDuWQjZc4P3PBgeBNfQvcdsJElgqSzZ:WrLrZKPk+QkrK6MKoWQWCeMW3Dk1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcf49282c64acfce9ba7074c48308455_JaffaCakes118

Files

bcf49282c64acfce9ba7074c48308455_JaffaCakes118
.sys windows:6 windows x86 arch:x86

7379fee964c68011ae0f979b979ee9cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\0soft_v03\loader\rootkit\v1.0\driver\objfre_wxp_x86\i386\drive4.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
NtBuildNumber
RtlInitUnicodeString
wcsncpy
memset
PsLookupProcessByProcessId
PsTerminateSystemThread
KeCancelTimer
KeWaitForSingleObject
KeSetTimerEx
KeInitializeTimerEx
IofCompleteRequest
ExFreePoolWithTag
ZwClose
ZwWriteFile
ZwCreateFile
ExAllocatePool
DbgPrint
_except_handler3
memcpy
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ObReferenceObjectByHandle
ZwOpenThread
ObfReferenceObject
ObfDereferenceObject
KeUnstackDetachProcess
MmUnmapLockedPages
KeStackAttachProcess
IoFreeMdl
IoDeleteDevice
KeInitializeApc
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
wcsncmp
ObOpenObjectByName
wcsstr
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
ExAllocatePoolWithTag
MmIsAddressValid
IoRegisterFsRegistrationChange
KeInitializeMutex
KeInsertQueueApc

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7379fee964c68011ae0f979b979ee9cb

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 492B

.data Size: 21KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 492B

.data
Size: 21KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B