189e83a7b50a0bb8fadc358be4a97440_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

189e83a7b50a0bb8fadc358be4a97440_JaffaCakes118
Size

2KB
MD5

189e83a7b50a0bb8fadc358be4a97440
SHA1

b563b91afd9570dcac52ed467efa9e9c9f2cff97
SHA256

98f7f19396d5de6f8518051dba74718e5b894a6072e550232945b7f151fb8cfc
SHA512

250cfb6fe46fd730b213be4701e9587d6e588c82bec511e38580dd26f80e849286eb7fe2fa46445ab1f9e4d36716967da5c001c3bcad272ace282cbafbe33bf0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189e83a7b50a0bb8fadc358be4a97440_JaffaCakes118

Files

189e83a7b50a0bb8fadc358be4a97440_JaffaCakes118
.sys windows:5 windows x86 arch:x86

94d07a2c5b7927b63da16147d1edd21b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\killhy\killkb\objfre\i386\killkb.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
ZwOpenProcess
ZwClose
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
IoCreateSymbolicLink
IoCreateDevice

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ