08af90dea2f29a922b3e4f1e90f8ec5d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08af90dea2f29a922b3e4f1e90f8ec5d_JaffaCakes118
Size

3KB
MD5

08af90dea2f29a922b3e4f1e90f8ec5d
SHA1

e5172ca8cada532345a1cc72eaf28d36831ecf60
SHA256

c8769adc8f7aeb7525445796629729ae03db5dadedb4a2855f800cdcb768f61d
SHA512

c25b12590df8948081673114acf06ebd56007334a7994fc69ab5cfc93297e332b28a3b5c8ad5909628ff4078704b5f67c42314fa7a405d3f5cb1046a54342384

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08af90dea2f29a922b3e4f1e90f8ec5d_JaffaCakes118

Files

08af90dea2f29a922b3e4f1e90f8ec5d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7fbfb12b86562f90eb11961ce798968f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DirectDiskForWin32\KillProcess\objfre_wxp_x86\i386\kp.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
MmGetSystemRoutineAddress
DbgPrint
PsTerminateSystemThread
ExAllocatePoolWithTag
KeWaitForSingleObject
IoDeleteDevice
PsCreateSystemThread
ObfDereferenceObject
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ExFreePoolWithTag
ObReferenceObjectByHandle
IofCompleteRequest

hal

KfRaiseIrql
KeGetCurrentIrql

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 594B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ