PDB path: e:\jiangsu\003rxjh\GameHack\Driver\objfre\i386\zkewahaha.pdb
Static task
static1
General
-
Target
f877ae3de98646457f5d0243d3fa8c9e_JaffaCakes118
-
Size
7KB
-
MD5
f877ae3de98646457f5d0243d3fa8c9e
-
SHA1
2bc14891f1d4373085fe915b1f36c64ee35e1337
-
SHA256
f791107fc62e549ecec6e05e00e450a2758a24d4cc8eb19f07261d9b025e6b64
-
SHA512
e6c6c9b5a505cd6807d165910441db8c756a9d0eb216fcfa375cbe991e9a77439b2e15ba9ca7d6e1ae6cc889b14335198dfc623e810cbf9329cd32c935d2b3c8
-
SSDEEP
96:goBDHDhSc7LQ5aO6JLCy3dY5JkDhWLg0DP1OYWkaUvfZmj1qT:7HNPE5abxYJkVWMUEYv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check for an Authenticode signature; none was found on this file.
resource f877ae3de98646457f5d0243d3fa8c9e_JaffaCakes118
Files
-
f877ae3de98646457f5d0243d3fa8c9e_JaffaCakes118.sys windows:4 windows x86 arch:x86
1533e45dc2c408cf8b145c4ff89a55a6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDriverObjectType
RtlInitUnicodeString
IoDeleteDevice
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
ObfDereferenceObject
ObReferenceObjectByName
IoCreateDevice
IoGetDeviceObjectPointer
IofCompleteRequest
IoDeleteSymbolicLink
IoDetachDevice
IofCallDriver
wcsncpy
MmIsAddressValid
wcslen
_wcsnicmp
IoCreateSymbolicLink
IoCancelIrp
hal
KfAcquireSpinLock
KfReleaseSpinLock
READ_PORT_UCHAR
KeStallExecutionProcessor
WRITE_PORT_UCHAR
Sections
.bss Size: - Virtual size: 800B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 676B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ