f4134133cd9d3e6e4f2d6d3ccf15f40c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4134133cd9d3e6e4f2d6d3ccf15f40c_JaffaCakes118
Size

382KB
MD5

f4134133cd9d3e6e4f2d6d3ccf15f40c
SHA1

3615b1ddea3d7a561a5ba234cc7475417a90b7ac
SHA256

f08b57fb291212d0db078d3f192d70a825c68abd4a838fc48f979a0ad128b5f2
SHA512

09152aa515db682667210cdc62ca8928f9ca9c8b2e1d758ff6d2990f34fe83ab1a95a88553f150747c007c71f55728bfaed5374a6524f98674ce18d3cb92bca6
SSDEEP

6144:svNNLTugYBvX+iOjeOhpe140iX/1BNe+GbiQKYc:mNLlio9hpe1SpeSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4134133cd9d3e6e4f2d6d3ccf15f40c_JaffaCakes118

Files

f4134133cd9d3e6e4f2d6d3ccf15f40c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

df8e3788c19763075302a8859e830225

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\by\DelFile\objfre_w2K_x86\i386\delfile.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
IoGetRelatedDeviceObject
DbgPrint
ExFreePool
ZwQuerySystemInformation
KeSetEvent
KeUnstackDetachProcess
ZwClose
KeStackAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
PsGetCurrentProcessId
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObfDereferenceObject
ObReferenceObjectByHandle
IoCreateSymbolicLink
IoCreateDevice
MmFlushImageSection
_except_handler3
IoFreeIrp
ExAllocatePoolWithTag
IofCompleteRequest

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ