c24b728f2d90315330c36beffc189b95_JaffaCakes118

General

Target

c24b728f2d90315330c36beffc189b95_JaffaCakes118
Size

11KB
MD5

c24b728f2d90315330c36beffc189b95
SHA1

8b19012d8ebddca7a2beaa86d5d2f2c745a61b8a
SHA256

4944094042543b992407f5a2b28ab57e02a77a03a8179958823a2c2d80a52c87
SHA512

83b63b601bba357a1b95e0c2bfee169bcd40e1774755d7c9f26373263afbd32df1298ee4c4f29cc6d99889a378dce71090ffd6e7103296f4baba287087f43697
SSDEEP

192:Arp24LHLPwGgVII5ofrS5/iPUen1ptzptQgxZBHnUi2wG6j2Uj:94LrRfWx1+TntNxZBHnUoPjDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c24b728f2d90315330c36beffc189b95_JaffaCakes118

Files

c24b728f2d90315330c36beffc189b95_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ef2d384497d21a0da70ca065fc8ef946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\PROJECT_x00\release\src\usbhiddev.pdb

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
strstr
ObfDereferenceObject
wcslen
ObQueryNameString
ObReferenceObjectByHandle
KeReleaseMutex
KeWaitForSingleObject
wcsncpy
IoGetCurrentProcess
KeServiceDescriptorTable
PsLookupProcessByProcessId
ZwClose
wcsncat
wcscat
wcscpy
ZwDeleteValueKey
ZwSetValueKey
ExFreePoolWithTag
ZwEnumerateKey
ZwOpenKey
ZwQueryDirectoryFile
ZwOpenFile
ZwCreateFile
ZwOpenThread
ZwOpenProcess
IofCompleteRequest
NtBuildNumber
KeInitializeMutex
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf
wcsncmp
ObOpenObjectByName
wcsstr
_except_handler3
RtlImageDirectoryEntryToData
ZwEnumerateValueKey
ProbeForRead

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef2d384497d21a0da70ca065fc8ef946

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 384B - Virtual size: 381B

.data Size: 128B - Virtual size: 120B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 478B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 384B - Virtual size: 381B

.data
Size: 128B - Virtual size: 120B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 478B