026bcaa267fa50eff3b1afe4bd6accb4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

026bcaa267fa50eff3b1afe4bd6accb4_JaffaCakes118
Size

28KB
MD5

026bcaa267fa50eff3b1afe4bd6accb4
SHA1

709dd2d1f0b5f5190a97c4cad33a9d7ccc993712
SHA256

6990f6b4d64d201a03bbe453adf5e969db920531222aef79c63ff245ab123b8c
SHA512

d25baa2c651cc9b35d21702b83cb3363c7615983d4e39a6bd8b0fa5932225ce4a86a61c2de71991cb63e07708aa25c4af7eeeccb4926d6d3e33487d769974ed9
SSDEEP

384:YjfnodxlKYXQNb928jIjxVzXtL1Cq+XrgnhHhVkxUw5e1n9tnUEp5Mz5TP0:5VO88jAVB4mhVkzS993SRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
026bcaa267fa50eff3b1afe4bd6accb4_JaffaCakes118

Files

026bcaa267fa50eff3b1afe4bd6accb4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\TechDept\DesktopMedia\client\ADDRV_New\Bdguard_sys\XPRelease\Bdguardxp.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
memcpy
memset
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
strchr
_strnicmp
_stricmp
_snprintf
wcscpy
MmIsAddressValid
PsGetCurrentProcessId
PsGetCurrentThreadId
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExReleaseResourceLite
_snwprintf
ZwQueryInformationFile
ZwQueryValueKey
ZwOpenKey
ZwDeleteValueKey
strncmp
strlen
IoGetCurrentProcess
IoDetachDevice
MmGetSystemRoutineAddress
ExDeleteNPagedLookasideList
InterlockedPushEntrySList
ExGetPreviousMode
wcsncpy
IoAttachDeviceToDeviceStack
ExQueueWorkItem
KeSetEvent
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObQueryNameString
ObfReferenceObject
KeDelayExecutionThread
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
ZwReadFile
strncpy
strrchr
ZwEnumerateValueKey
ZwSetValueKey
ZwEnumerateKey
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcslen
RtlAnsiStringToUnicodeString
RtlAppendStringToString
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoFreeIrp
wcscat
KeGetCurrentThread
IoAllocateIrp
memmove
ZwTerminateProcess
KeServiceDescriptorTable
ZwDeleteKey
RtlInitUnicodeString
IoDeleteSymbolicLink
InterlockedPopEntrySList
IoDeleteDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b4a1e65118da05e3d1dc61203820b5c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB