h:\newcode\ssdt\sys\i386\CrackMe.pdb
Static task: static1

General
Target: 024ee57bb3510aaabf197fa709efa45d_JaffaCakes118
Size: 17KB
MD5: 024ee57bb3510aaabf197fa709efa45d
SHA1: 1e987599a22973b80bd973d10ae2bb586d5857fa
SHA256: 0058a3d3dcd3846234a16aab6509b3d9e6cf02ea77789e3458629585d454bab5
SHA512: 754aa8c2183dfe9275e4b2978f574b2d3a405094aef17ec88292733729e8b9b9da4f483b8bac4a3db701264c3edb0df6b00e8b34368109486dfbc1e08f25a411
SSDEEP: 192:sZK3zoSMNhIpPCQHdsb91DadjYOz03TAI+fc4KcyP:yKjoSuhIpqQHy9JahYOz03B1L
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 024ee57bb3510aaabf197fa709efa45d_JaffaCakes118
Files
024ee57bb3510aaabf197fa709efa45d_JaffaCakes118.sys  windows:5 windows x86 arch:x86
a75b7b8a0ec59e2b1953cf5088b5002f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
h:\newcode\ssdt\sys\i386\CrackMe.pdb
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtBuildNumber
ZwTerminateProcess
MmIsAddressValid
NtOpenProcess
KeGetCurrentThread
ZwClose
ObOpenObjectByPointer
PsLookupProcessByProcessId
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
DbgPrint
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
Sections
.text   Size: 1KB - Virtual size: 1KB     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 512B - Virtual size: 404B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 128B - Virtual size: 12B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT    Size: 896B - Virtual size: 870B   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 256B - Virtual size: 204B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ