2d146bb484e7aa6e4b43d0f9ee141f43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d146bb484e7aa6e4b43d0f9ee141f43_JaffaCakes118
Size

1KB
MD5

2d146bb484e7aa6e4b43d0f9ee141f43
SHA1

55062ab546d5edeeb015f462ff78d0513f05653c
SHA256

688c47b3d820fcbb61b77920ca4a88e3a8e38e2eddc6ec8a5a2d8fd8f80b9a31
SHA512

08afb4f4554179eead61311c3ce446e91b06e59e254a67712672f7918dc6b7d672aa310de40f838114cc43206ae67b7b5bd482ddce49a4b4afe8c636d7b8aadb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hp.sys

Files

2d146bb484e7aa6e4b43d0f9ee141f43_JaffaCakes118
.zip
hp.sys
.sys windows:6 windows x86 arch:x86

39a34befd8d7710b7bc4ae845a6738a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\hp\objfre_wxp_x86\i386\hp.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
PsGetVersion
KeTickCount
IoGetCurrentProcess
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 640B - Virtual size: 574B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ