F:\jpg\good\驱动\hooksys\output\i386\NTChDrv.pdb
Static task
static1
General
Target: 04afd152714216f642d22b80fd6af6d7_JaffaCakes118
Size: 4KB
MD5: 04afd152714216f642d22b80fd6af6d7
SHA1: 898a42a0c625175e17b2fabd1a55054787cab463
SHA256: c4e1baf7986157762397e6a478c3b0ceded7563e76a701e82b91db9935f1788a
SHA512: 26f1c0181dc5788739ef1ffaf1891940d8d4ac967179a859b7de11cc688ea0979c35ba2a5d404556ca486de098e9927b962351e89fcf9665427fed6dc512136b
SSDEEP: 48:4jIlAFkrZtUdyfkGMHMPipMOPmo2/Z2nCMOPbbJaV3gCDRrrX:EIMdC0MqiOPVTROPhu1rX
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 04afd152714216f642d22b80fd6af6d7_JaffaCakes118
Files
04afd152714216f642d22b80fd6af6d7_JaffaCakes118.sys (windows:5, windows x86, arch:x86)
58343b0fd0db5cea8a892e6bae2ec0bb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\jpg\good\驱动\hooksys\output\i386\NTChDrv.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
DbgPrint
_except_handler3
strncpy
IoGetCurrentProcess
KeServiceDescriptorTable
sprintf
PsGetCurrentProcessId
IofCompleteRequest
IoDeleteDevice
ZwOpenProcess
IoCreateSymbolicLink
IoCreateDevice
strncmp
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 279B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 380B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ