d485471c1f5da4caddcdaa9e06397933_JaffaCakes118

General

Target

d485471c1f5da4caddcdaa9e06397933_JaffaCakes118
Size

14KB
MD5

d485471c1f5da4caddcdaa9e06397933
SHA1

b15979bebde1ec72be3f0e5f0895620fcae51dfd
SHA256

8fc2784ac119e5bd441218c7e43268977c6a5d63697d43ea9a21a929ac3ab76c
SHA512

fb0dab878ff1ea7436dd95591dc01921c5b7c571858d708daf77d09dd717ec784e57856ceb236ee122034b7cf5fc33b7b7725212516eb6944ff9fab900add02f
SSDEEP

384:rTimjuttedW7mT2c1J7bss60cS0KlavYcsLDEpqYC:r2PedWa6slT6vS3lg4EpqYC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d485471c1f5da4caddcdaa9e06397933_JaffaCakes118

Files

d485471c1f5da4caddcdaa9e06397933_JaffaCakes118
.sys windows:6 windows x64 arch:x64

44410e3ac1599632d46455b53cc18fe4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\sfu\local\scratch\build_root_2008_08_13_13_13_58\windows\build\amd64\scsifilt.pdb

Imports

ntoskrnl.exe

ExDeleteNPagedLookasideList
IofCallDriver
KeInitializeEvent
IoReleaseRemoveLockEx
IoDetachDevice
PoSetPowerState
InitSafeBootMode
PoStartNextPowerIrp
IofCompleteRequest
KeSetEvent
KeWaitForSingleObject
IoFreeIrp
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
MmGetPhysicalAddress
MmMapLockedPagesSpecifyCache
ExQueryDepthSList
KeBugCheckEx
IoDeleteDevice
IoCreateDevice
IoInitializeRemoveLockEx
ExInitializeNPagedLookasideList
IoAllocateIrp
RtlCompareUnicodeString
PoCallDriver
IoAttachDeviceToDeviceStack
IoReleaseRemoveLockAndWaitEx
IoAcquireRemoveLockEx

xevtchn.sys

EvtchnReleaseDebugCallback
EvtchnSetupDebugCallback

xenutil.sys

_XmAssertFail
___XenTrace
XmThreadWait
_XmBug
XmKillThread
XmFreeMemory
_XmAllocateMemory
_XmBugCheck
XmSpawnThread

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44410e3ac1599632d46455b53cc18fe4

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

xevtchn.sys

xenutil.sys

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 776B

.data Size: 512B - Virtual size: 272B

.pdata Size: 512B - Virtual size: 324B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 968B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 776B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 324B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 968B