07b891e44149a9ae2da1a2374a8220fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07b891e44149a9ae2da1a2374a8220fc_JaffaCakes118
Size

4KB
MD5

07b891e44149a9ae2da1a2374a8220fc
SHA1

d120f349c2d717ee79f83d6b7b96eb5bd6e2ae46
SHA256

c46e2487ff261130b68ef36943943d0fad5709591e5142422ef9d4d3f04862c3
SHA512

7a635f32052d61bdc23c3447a4d2f7e23d28e62cd88e8f3c308a3f46da1653caba8d6b47ff394ea50ae6e5eb69ec8a64dc9d178837f7f69e2bac1cde09d49d53
SSDEEP

48:Qij0VDBfHYrivNJ+Ij61VGIS50EP9CbrygHoJBjHfa6yssiwRzx3zmmiWXo:V2W2VyrGIc1CKgISzsPwPDmAXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07b891e44149a9ae2da1a2374a8220fc_JaffaCakes118

Files

07b891e44149a9ae2da1a2374a8220fc_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0b61ad2abf5dcf8ff3a3528bc4a0a520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\myproject\img\客户\sedisk.sys\sys\objfre_wxp_x86\i386\pcihdd32.pdb

Imports

ntoskrnl.exe

KeInitializeSpinLock
IoGetDeviceObjectPointer
RtlInitUnicodeString
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
ExFreePoolWithTag
ObfDereferenceObject
IoDeleteDevice
IofCompleteRequest
IoFreeIrp
IoFreeMdl
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
MmBuildMdlForNonPagedPool
KeGetCurrentThread
IoAllocateMdl
IoAllocateIrp
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 730B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ