01b81db46bb67afa16d042944d0a5870_JaffaCakes118

General

Target

01b81db46bb67afa16d042944d0a5870_JaffaCakes118
Size

48KB
MD5

01b81db46bb67afa16d042944d0a5870
SHA1

bca9c8e456261e2b3cc3da2972ae6015f2d9172e
SHA256

cefee50ebeb8cf6a33c586074b400682d3eb18bee2a3cd9894ca14bcedb68f72
SHA512

08389127e12ddacdeb4af111038ce25f53e876e72f56bfe90a9c7ea1ce410f5c9a461425d5ba4b84215d8c218a4d29a23044cc1b05c796508a3c59ad3886a8e7
SSDEEP

768:bWbrETUJXVXjTiWrs72akQMYFcbtXkYfA3OP7GgwzKQUsWe07XdmQ3:bW/J7akEcVkjOAVtu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01b81db46bb67afa16d042944d0a5870_JaffaCakes118

Files

01b81db46bb67afa16d042944d0a5870_JaffaCakes118
.sys windows:5 windows x86 arch:x86

a33071de5e682538e2c93dc31da4fd10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DevWork\3waregsm\objfre_wnet_x86\i386\3wDrv100.pdb

Imports

ntoskrnl.exe

IoAllocateErrorLogEntry
ExQueueWorkItem
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlCheckRegistryKey
IoWriteErrorLogEntry
KeInsertQueueDpc
RtlCreateRegistryKey
KeTickCount
KeBugCheckEx
RtlTimeToTimeFields
KeQuerySystemTime
ExSystemTimeToLocalTime
RtlExtendedLargeIntegerDivide
memmove
IoIsWdmVersionAvailable
DbgPrint
vsprintf
KeInitializeDpc
sprintf

hal

KeGetCurrentIrql

scsiport.sys

ScsiPortGetUncachedExtension
ScsiPortGetDeviceBase
ScsiPortGetPhysicalAddress
ScsiPortReadPortUlong
ScsiPortCompleteRequest
ScsiPortNotification
ScsiPortWritePortUlong
ScsiPortInitialize
ScsiPortStallExecution

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a33071de5e682538e2c93dc31da4fd10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

scsiport.sys

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 952B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 952B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB