2f332dbdccad5d414487e36d9b2c0b23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f332dbdccad5d414487e36d9b2c0b23_JaffaCakes118
Size

42KB
MD5

2f332dbdccad5d414487e36d9b2c0b23
SHA1

4f077d632ecf2446376f00c1df3343882845b7da
SHA256

c2e40576210cbe6436e5d1e78268ba90d57966f428ad77703c9b79e90a3483f4
SHA512

f6b9c7af63818f70497f182a0fa9373c11cec8997b7f73bdcf0cd23c6defd5e4f03ea8e4c8ea2972851271d45901c9b1f7e8d720c4f3d40be898ad7f6dd3b3a5
SSDEEP

384:9t1xbgMq64/Mvt9Qy8yhdgoUBJq8fR9SY/oeJAX+NJjkBx08ywD/WRoIwWChqnZG:9ZqtEvj2JoaJHR9SY/hN1kktAJq4Ma

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f332dbdccad5d414487e36d9b2c0b23_JaffaCakes118

Files

2f332dbdccad5d414487e36d9b2c0b23_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b1e3b72ac369e2bb5f38ec1dca4db303

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tdi.pdb

Imports

ntoskrnl.exe

RtlExtendedIntegerMultiply
RtlExtendedMagicDivide
KeTickCount
KeWaitForSingleObject
KeGetCurrentThread
KeSetEvent
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitString
IoWriteErrorLogEntry
memmove
IoAllocateErrorLogEntry
MmAllocateMappingAddress
MmFreeMappingAddress
_except_handler3
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
MmUnmapLockedPages
MmUnmapReservedMapping
KeSetTimer
IoBuildPartialMdl
KefAcquireSpinLockAtDpcLevel
NtCreateFile
wcslen
_wcsicmp
wcscpy
_wcsnicmp
ExFreePoolWithTag
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCompareUnicodeString
_vsnprintf
KeInitializeEvent
RtlGetCallersAddress
RtlCopyUnicodeString
KeBugCheckEx
KeInitializeDpc
KeInitializeTimer
ExQueueWorkItem
RtlAssert
DbgPrint
DbgBreakPoint
MmMapLockedPagesWithReservedMapping
KeQueryTimeIncrement

hal

KfAcquireSpinLock
KeGetCurrentIrql
�fReleaseSpinLock

ndis.sys

NdisRegisterTdiCallBack
NdisDeregisterTdiCallBack
NdisReturnPackets

Exports

Exports

CTEAllocateString
CTEBlock
CTEBlockWithTracker
CTEInitEvent
CTEInitString
CTEInitTimer
CTEInitialize
CTEInsertBlockTracker
CTELogEvent
CTERemoveBlockTracker
CTEScheduleCriticalEvent
CTEScheduleDelayedEvent
CTEScheduleEvent
CTESignal
CTEStartTimer
CTESystemUpTime
DllInitialize
DllUnload
TdiBuildNetbiosAddress
TdiBuildNetbiosAddressEa
TdiCopyBufferToMdl
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
TdiCopyMdlChainToMdlChain
TdiCopyMdlToBuffer
TdiDefaultChainedRcvDatagramHandler
TdiDefaultChainedRcvExpeditedHandler
TdiDefaultChainedReceiveHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultRcvDatagramHandler
TdiDefaultRcvExpeditedHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiDeregisterAddressChangeHandler
TdiDeregisterDeviceObject
TdiDeregisterNetAddress
TdiDeregisterNotificationHandler
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiEnumerateAddresses
TdiInitialize
TdiMapUserRequest
TdiMatchPdoWithChainedReceiveContext
TdiOpenNetbiosAddress
TdiPnPPow27`�mplete
TdiPnPPowerRequest
TdiProviderReady
TdiRegisterAddressChangeHandler
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiRegisterNotificationHandler
TdiRegisterPnPHandlers
TdiRegisterProvider
TdiReturnChainedReceives

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1e3b72ac369e2bb5f38ec1dca4db303

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 1024B - Virtual size: 564B

.data Size: 512B - Virtual size: 14KB

PAGE Size: 512B - Virtual size: 478B

.edata Size: 2KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 1024B - Virtual size: 564B

.data
Size: 512B - Virtual size: 14KB

PAGE
Size: 512B - Virtual size: 478B

.edata
Size: 2KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 2KB - Virtual size: 2KB