fcaf47a1d4dc8dde3f35ecfd4ace9962_JaffaCakes118

General

Target

fcaf47a1d4dc8dde3f35ecfd4ace9962_JaffaCakes118
Size

33KB
MD5

fcaf47a1d4dc8dde3f35ecfd4ace9962
SHA1

2b50c97c28af0a9ec9da2f1b3082b95c6cec687e
SHA256

898de47d1976e3cfa2743dc6446126110cfcb057109ea775db5e4da535cc5549
SHA512

373acf455c6e04102082b45aab58b6c7c06361f035cc33eb0f7651d9c9d0976fc5d5cb789a7ee15bf2a234edb80c76f0122e157760e5dce20bae307456017883
SSDEEP

768:DWe40BuhGWWqvLNSsEYT5Hd+WTB8XEA7vj/31atN:puhGsZH5HosPqzAtN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcaf47a1d4dc8dde3f35ecfd4ace9962_JaffaCakes118

Files

fcaf47a1d4dc8dde3f35ecfd4ace9962_JaffaCakes118
.sys windows:6 windows x64 arch:x64

1cc1cf9b05958a594a60e8732f643793

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\p\s\objfre_wnet_amd64\amd64\swe.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
swprintf
IoDetachDevice
ObfDereferenceObject
IofCallDriver
IoFreeMdl
IoAllocateMdl
IoBuildDeviceIoControlRequest
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
KeInitializeDpc
KeInitializeTimer
KeRemoveQueueDpc
KeCancelTimer
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
IoFreeIrp
IoAllocateIrp
MmMapLockedPagesSpecifyCache
KeSetTimer
RtlAppendUnicodeToString
RtlInitUnicodeString
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
KeBugCheckEx
PsGetCurrentProcessId
ExAllocatePoolWithTag

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cc1cf9b05958a594a60e8732f643793

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

tdi.sys

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 876B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 776B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 876B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 776B