29029e5aef64a920438a212afdfd92b9_JaffaCakes118 | Triage

Sharing

General

Target

29029e5aef64a920438a212afdfd92b9_JaffaCakes118
Size

4KB
MD5

29029e5aef64a920438a212afdfd92b9
SHA1

22391b23e2a7e8351bd8afd78622da866c0aa713
SHA256

9350aae42452957558b4ca69f5a3f5028de10837b087d8fc434449a470bea6cc
SHA512

1510cda263d742c66e4d6f7748a71afa60396f92211e4367e25d83243b7650a22d98e5d058748e55a6ba8750ad5b2dca667f14ca0ea577d5f498f98cd52d1915
SSDEEP

48:qsq1psXprI1tVS0p/ZK7oOgnCwW7r6wBJy4ds0YCXcVkDUAVVkzDbEXIRrg6hJ:nq1op0PNp/ZSoqwOA23JVVkz51g6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29029e5aef64a920438a212afdfd92b9_JaffaCakes118

Files

29029e5aef64a920438a212afdfd92b9_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5bd98060da2f7c1b56d3491ad4f5f3ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\HideRootKit\objfre\i386\MayaSYS.pdb

Imports

ntoskrnl.exe

KeServiceDescriptorTable
ZwQueryDirectoryFile
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
RtlFreeAnsiString
DbgPrint
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
ObfDereferenceObject
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlVolumeDeviceToDosName
ObReferenceObjectByPointer
ExAllocatePoolWithTag
ObReferenceObjectByHandle
strncpy
IoGetCurrentProcess
_strnicmp
strrchr
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
_except_handler3

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ