158eaa640edecbebe5ecbf1ed0025671_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

158eaa640edecbebe5ecbf1ed0025671_JaffaCakes118
Size

8KB
MD5

158eaa640edecbebe5ecbf1ed0025671
SHA1

02b9ca7bc92b474412c2c067c387ee7734b036d8
SHA256

73ce6aa101baf48043086463cb382b681ece02cd9deea8349e041cbbecba7e19
SHA512

6c20e93d09661dad11553f6f74462b12af84fd9a94b3c14babda7ae60e326a8731918f1e293361ab59667e0d9bd2d033bb4c641eb52cd1de8db9e2e491fd12f0
SSDEEP

96:49S6Ff/BFbGdRBI6W6f8dh1fAq2+uJ0mQ0ciEMKLKuzLq7JfJC3lI1KIjkdE:49VJGfnAfAq2+BfMKGufq7JhCVpIj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
158eaa640edecbebe5ecbf1ed0025671_JaffaCakes118

Files

158eaa640edecbebe5ecbf1ed0025671_JaffaCakes118
.sys windows:5 windows x86 arch:x86

7647e5f3b4b71536c8712f36b9aeb4cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\0\Ps\Driver\i386\Killer.pdb

Imports

ntoskrnl.exe

IoFreeMdl
MmUnlockPages
ExFreePoolWithTag
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObfDereferenceObject
IoDriverObjectType
MmGetSystemRoutineAddress
IoCreateFile
ZwClose
KeSetEvent
ZwQueryInformationFile
KeWaitForSingleObject
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
KdDisableDebugger
IoGetCurrentProcess
ObReferenceObjectByHandle
IoFileObjectType
_allmul
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwReadFile
IoFreeIrp

hal

KeStallExecutionProcessor

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 787B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ