54ef23daf28f811653985098ddf22ccb_JaffaCakes118

General

Target

54ef23daf28f811653985098ddf22ccb_JaffaCakes118
Size

482KB
MD5

54ef23daf28f811653985098ddf22ccb
SHA1

16fd16d101f6adaf0ed49b764ffa4042efc031b3
SHA256

534674a42a2977b8562a8c8b583026dd85d9bb4dbaac24c3e8323845d0efb197
SHA512

215ddf77fc991a4caa8cf013a1143c44846f6f0c00a4fa7d8d3ce1a60e201b1e9554da958347c124b727370341ebf6e48abdff908d3bb9f7a331f236e0485ca7
SSDEEP

6144:+r+s6r39GEQglhQkXASp/uHQAXYn6RO1OsGq6:+d6r39GVXYn6RU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54ef23daf28f811653985098ddf22ccb_JaffaCakes118

Files

54ef23daf28f811653985098ddf22ccb_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d6241e455ddc5a45e6b757325df4cf74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\驱动代码\复件HO~1\HOOKSH~1\objchk\i386\HookShadowSSDT.pdb

Imports

ntoskrnl.exe

_except_handler3
DbgPrint
PsGetVersion
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePoolWithTag
ZwClose
wcsncmp
ZwQueryObject
ZwDuplicateObject
NtOpenProcess
KeDelayExecutionThread
KeDetachProcess
KeAttachProcess
KeAddSystemServiceTable
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
ObfDereferenceObject
RtlAssert
IoDeleteSymbolicLink
PsGetCurrentProcessId
ObOpenObjectByPointer
IoThreadToProcess
PsThreadType
IoGetCurrentProcess
PsProcessType
MmIsAddressValid
PsLookupProcessByProcessId
KeServiceDescriptorTable

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 311B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6241e455ddc5a45e6b757325df4cf74

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 384B - Virtual size: 311B

.data Size: 256B - Virtual size: 136B

INIT Size: 1024B - Virtual size: 912B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 640B - Virtual size: 604B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 384B - Virtual size: 311B

.data
Size: 256B - Virtual size: 136B

INIT
Size: 1024B - Virtual size: 912B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 640B - Virtual size: 604B