1b264f963f5fd65beb3e5bcf7ea887d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b264f963f5fd65beb3e5bcf7ea887d2_JaffaCakes118
Size

4KB
MD5

1b264f963f5fd65beb3e5bcf7ea887d2
SHA1

34cf49b27f183992ef96413f8bae1a4ebb58bd07
SHA256

640427f54ae7d34c44ed28b596269b6515c244680d3449f8e4081d433aad563d
SHA512

5d43cb7c6d362ecf63b4c44b0439cfecb18862d2237ba516e6485acd8b6d64d4825c1480b07d908608ba40c5df405ad14e73e68a8f55be3ec034afde1894e633
SSDEEP

48:S0pJ5QPB9y6h2H1OsnEIAXIEtprKRnS/remVh3pK4qV7VwmRyA66bVVnTg9Rrgja:fJ5Qa6hxWEdX9KRnA5VV1Ac1gjd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b264f963f5fd65beb3e5bcf7ea887d2_JaffaCakes118

Files

1b264f963f5fd65beb3e5bcf7ea887d2_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c609ce526b8ef0e7c12317e4fd5b7873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\maofang\benz\SYS\objfre\i386\KILLKB.pdb

Imports

ntoskrnl.exe

PsSetLoadImageNotifyRoutine
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenProcess
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsProcessType
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
_stricmp
ZwClose
ObReferenceObjectByHandle

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 255B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 782B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ