3620e17eca49e7f8de1ff5b2ab8f37ee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3620e17eca49e7f8de1ff5b2ab8f37ee_JaffaCakes118
Size

3KB
MD5

3620e17eca49e7f8de1ff5b2ab8f37ee
SHA1

1ad9f85c34c5574ff8926bef55b90833fc328f17
SHA256

793e077e52918aaceb309b5bb57dfb1c8a065e07242a1199b6fa50617c2c0375
SHA512

3bed92f0e2b60a769ffc20cf1a15645f1131841d2e88670d6174fe9399bb3efe03463d085943a488d0ce67cda4bd81b4af58aab3d11edd7cc1e21af08ba047f0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3620e17eca49e7f8de1ff5b2ab8f37ee_JaffaCakes118

Files

3620e17eca49e7f8de1ff5b2ab8f37ee_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d5d09f3843b4289fdefe7346f48606be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\driverex\i386\Driver.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwTerminateProcess
ExFreePoolWithTag
KeServiceDescriptorTable
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
DbgPrint
KeTickCount
KeBugCheckEx

Sections

.text
Size: 896B - Virtual size: 810B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 728B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ