d504ca7bfc9be0c3a93a5d5a37a94a45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d504ca7bfc9be0c3a93a5d5a37a94a45_JaffaCakes118
Size

63KB
MD5

d504ca7bfc9be0c3a93a5d5a37a94a45
SHA1

e3250ff8c6c5443ea102278ed34cded346eaa0ce
SHA256

e2e5c76bcff427f8a31f8df8f5e987f061021ba4bd9f4f3e0374abf54a4b8148
SHA512

a6725d849ee605c6b094d3acc6078e0ccf20d47118de586d6a1bcaeff9b219aeec1453a7ed2c9f7e45e0fdf7702c292cdec80b219e03bc0da30fa2a23aad528a
SSDEEP

384:tAsEpp7k6YD6Gop6oQlKHsxm2qGqa1rNn8TI0zUpyyHAeaMqA0RYjdA/DTEqHPQU:BEz7f6top6G4cIFcFOa7iOlDR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d504ca7bfc9be0c3a93a5d5a37a94a45_JaffaCakes118

Files

d504ca7bfc9be0c3a93a5d5a37a94a45_JaffaCakes118
.sys windows:5 windows x86 arch:x86

e56d44093d2a69ccb2bfb49338de69aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\works\byshell_up54\driver\bypass_up53\bypass\i386\bypass.pdb

Imports

ntoskrnl.exe

ZwQuerySystemInformation
KeServiceDescriptorTable
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
KeInitializeSpinLock
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
strncmp
IoGetCurrentProcess
MmIsAddressValid
PsGetCurrentProcessId
MmUserProbeAddress
NtBuildNumber
KeBugCheck
KeTickCount
KeBugCheckEx
strrchr
_stricmp
IoCreateFile
ExFreePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 122B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe��
Size: 17B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e56d44093d2a69ccb2bfb49338de69aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 49KB - Virtual size: 49KB

INIT Size: 1024B - Virtual size: 928B

.reloc Size: 3KB - Virtual size: 3KB

.nsp1 Size: 122B - Virtual size: 122B

.pe�� Size: 17B - Virtual size: 17B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 49KB - Virtual size: 49KB

INIT
Size: 1024B - Virtual size: 928B

.reloc
Size: 3KB - Virtual size: 3KB

.nsp1
Size: 122B - Virtual size: 122B

.pe��
Size: 17B - Virtual size: 17B