0d8c824e3ff440d63953d39a62b3f1a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d8c824e3ff440d63953d39a62b3f1a9_JaffaCakes118
Size

5KB
MD5

0d8c824e3ff440d63953d39a62b3f1a9
SHA1

e2d38ca3961fcfc4daf12c7ebf7141a621889eb0
SHA256

e8db31c6e290f9bc8df305c39e05949d69ab53e9eac5faa1fa2792d15c4218c2
SHA512

87532e695f4af1e86e0079ff5bd55974a42bbfb80989a4c35c53eb15ae9d642125e671eb9f37263c4b7a5dd24b5af4229542fed282b72ce03fed986ad81aed0f
SSDEEP

96:M/coEsCAhWKwlbFqSzRoXF6Re7rQhiuIIXlADhQl9a0A1n:fKWwkS6ErDalAWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d8c824e3ff440d63953d39a62b3f1a9_JaffaCakes118

Files

0d8c824e3ff440d63953d39a62b3f1a9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ba397ef5765d96d5175f1f1f5d25001a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\d_disk\HideMe(20050623)\driversrc\objfre\i386\HideMe2.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoRegisterShutdownNotification
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
ZwClose
ZwSetValueKey
ZwOpenKey
IoDeleteDevice
memmove
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlFreeUnicodeString
wcscat
RtlAnsiStringToUnicodeString
strrchr
RtlUnicodeStringToAnsiString
KeInitializeSpinLock
ZwQuerySystemInformation
RtlQueryRegistryValues
ZwDeviceIoControlFile

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ