f57353594b608f972d72e30fc0117ef3_JaffaCakes118

General

Target

f57353594b608f972d72e30fc0117ef3_JaffaCakes118
Size

11KB
MD5

f57353594b608f972d72e30fc0117ef3
SHA1

9085561dc2835d761f6204d48de81fe92faf42fd
SHA256

c7aef77a03bbf72fc119f0d376051875b2ad3a8a766ed293d1971e28c0621078
SHA512

2cb8c9e6ef1ec62d76c1f90aa59725d96bd54f59d050b877f3876f5d54ef2946d1fff49b553cbd133b9d410ae46219b9ed9e27d1d330e9f077111ccc52d1ff75
SSDEEP

192:mh75Tp5hTKpuDdRIc8lAqWwtZ9twVNjUv0KHksPW7D:mHp51Kewc67tZbmNjUMKnPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f57353594b608f972d72e30fc0117ef3_JaffaCakes118

Files

f57353594b608f972d72e30fc0117ef3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fee71e7723a6eb67852c7a15d2c941a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\_Projects\WinAntiSpyware\_Reuse\FSDriver\_UwasRelease\uwasfsd.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
ObQueryNameString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ExFreePoolWithTag
ExAllocatePoolWithTag
ObfReferenceObject
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
KeDelayExecutionThread
KeWaitForSingleObject
KeInitializeEvent
IoDeleteDevice
IoDetachDevice
IoCreateDevice
RtlCompareUnicodeString
ObfDereferenceObject
IoGetDeviceObjectPointer
IoRegisterFsRegistrationChange
KeInitializeSpinLock
IoCreateSymbolicLink
IoAttachDeviceToDeviceStack
ExQueueWorkItem
IofCompleteRequest
KeSetEvent
ExfInterlockedInsertTailList
IofCallDriver

hal

ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fee71e7723a6eb67852c7a15d2c941a0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 64B

PAGE Size: 3KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 1024B - Virtual size: 546B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 64B

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 1024B - Virtual size: 546B