fbbb50d1240fa5b32c72e1e9963758f0_JaffaCakes118

General

Target

fbbb50d1240fa5b32c72e1e9963758f0_JaffaCakes118
Size

65KB
MD5

fbbb50d1240fa5b32c72e1e9963758f0
SHA1

393a5e9e9fc21538091b09f82900a1e12f2d3667
SHA256

effe5ccef4ec9c790d67d5227b95ae0eb50dad40ea94a2880810a664da50d6a8
SHA512

9b8f693e977b5c2dea1bf74a76bc343ed72c24d7f900921e8688fdec5f07926955413bbf1c7c8684df37f4addda53a0f18baf86c71bd3ae400bcdeda3e8feb8f
SSDEEP

384:Z5C48Zx6RXHgX7D6GoqXzjDGRv2X81a7glaPYEIU7VWpetqBKj73YkoAz0MYpKNB:i41HEtoVvafuKAG3KYTD2zc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbbb50d1240fa5b32c72e1e9963758f0_JaffaCakes118

Files

fbbb50d1240fa5b32c72e1e9963758f0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3a91854e95930cbf78f1e78c6b81f04c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\works\kernelbots_up24\driver\bypass\bypass\i386\bypass.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
KeServiceDescriptorTable
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwCreateFile
ObReferenceObjectByHandle
ZwOpenProcess
wcslen
_strnicmp
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
IoDeleteDevice
RtlInitUnicodeString
IofCompleteRequest
MmUserProbeAddress
NtBuildNumber
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
strstr
_strupr
strncpy
ExFreePoolWithTag
DbgPrint
memchr

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a91854e95930cbf78f1e78c6b81f04c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 49KB - Virtual size: 49KB

INIT Size: 1024B - Virtual size: 898B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 49KB - Virtual size: 49KB

INIT
Size: 1024B - Virtual size: 898B

.reloc
Size: 3KB - Virtual size: 3KB