38bca25c0f0a09a8022fdfd874139fa8_JaffaCakes118

General

Target

38bca25c0f0a09a8022fdfd874139fa8_JaffaCakes118
Size

23KB
MD5

38bca25c0f0a09a8022fdfd874139fa8
SHA1

925fceac830c458b89e0ad182cadb5158c74d5bd
SHA256

d20184e2b116a009262a2e715dc20cb4bd7edcc49cca5bc57534489ae44b4d59
SHA512

ae2ef03e112871450fd59d35739242f4132a40418a3d6802562c742fc93a7c70502caa0f523e8d9a1d7934d1c8e5b029f585eb4b4dbce7c4e055e2a2d70adf9a
SSDEEP

384:JRad7+46P40oi5WgihLTi6+x/HTuPiiiDh02UxCVd9BpiQJGHiXliHuiRHDrKWvQ:JRad7+46P40oi5WgihLTi6+x/HTuPiis

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38bca25c0f0a09a8022fdfd874139fa8_JaffaCakes118

Files

38bca25c0f0a09a8022fdfd874139fa8_JaffaCakes118
.sys windows:5 windows x86 arch:x86

12857af073478e50bde2f4ffdca05309

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\kernel_loader\Driver\objfre\i386\apcdli.pdb

Imports

ntoskrnl.exe

wcscpy
ExFreePoolWithTag
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwReadFile
ZwClose
ZwQueryInformationFile
ZwOpenFile
DbgPrint
RtlQueryRegistryValues
ZwWriteFile
ZwCreateFile
wcscat
strncmp
IoGetCurrentProcess
ZwMapViewOfSection
ZwCreateSection
_stricmp
ZwUnmapViewOfSection
IofCompleteRequest
KeSetEvent
_except_handler3
MmGetSystemRoutineAddress
PsGetVersion
KeWaitForSingleObject
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
ZwAllocateVirtualMemory
ZwOpenProcess
PsTerminateSystemThread
ObfDereferenceObject
PsCreateSystemThread
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12857af073478e50bde2f4ffdca05309

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 411B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 582B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 411B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 582B