D:\sys\KB\objfre\i386\KILLKB.pdb
Static task
static1
General
Target: 0730dafa2406c918a7badd13b9f1309e_JaffaCakes118
Size: 3KB
MD5: 0730dafa2406c918a7badd13b9f1309e
SHA1: 4feca634d20ff826b71e16e09f79573320623b04
SHA256: 05eae3be120db67247553bf89b947178eb2edf80ad3c9604d7d996bb50b1d7df
SHA512: e0e8a98f65bb69466c7d83400275e9ddd51ad24c8ee61f90defdc8cd8c261118ae9e76d6bfee54f91c744faf8ba6be07037bd1dbcaf0c3632a0d69b7eb547eb6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0730dafa2406c918a7badd13b9f1309e_JaffaCakes118
Files
0730dafa2406c918a7badd13b9f1309e_JaffaCakes118.sys windows:5 windows x86 arch:x86
da80ef6f67c093a9caaf75b16141bc8f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlInitUnicodeString
IoCreateFile
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDeleteSymbolicLink
IofCompleteRequest
MmUnmapViewOfSection
PsLookupProcessByProcessId
ZwClose
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
IoFileObjectType
IoDeleteDevice
hal
KeGetCurrentIrql
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 197B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 768B - Virtual size: 648B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ