3b34b6bf432154fa5e0f2596d2b13ba7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b34b6bf432154fa5e0f2596d2b13ba7_JaffaCakes118
Size

5KB
MD5

3b34b6bf432154fa5e0f2596d2b13ba7
SHA1

f495c82951c265f1fd27b2e7b4f85d30019a6019
SHA256

cab0061c3dfefd3a30826514dd2e8748581b519a5751f02c8aa3a7db54bd7266
SHA512

858cb27405b07c08391625dba4f90b3cb8c4139f5cd636b6963050c162c2c0869d9b7f8570d1a9e55198e77501d0686d78ce63cf4ace45ae2427629639a5e285
SSDEEP

96:8GtkHGyp0oL9LXKsjTi7db2nr7y5zl0p9JS9e:8GkGypTxLXKTCr7y5z2s9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b34b6bf432154fa5e0f2596d2b13ba7_JaffaCakes118

Files

3b34b6bf432154fa5e0f2596d2b13ba7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

8aba6c08778eaca42d1dce251519762a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\program\Test\Project3.3\HidePort1.4\objfre_wxp_x86\i386\fdisk.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
KeWaitForSingleObject
MmMapLockedPages
KeDelayExecutionThread
_allmul
PsTerminateSystemThread
ExFreePoolWithTag
ZwClose
atoi
ZwReadFile
ExAllocatePoolWithTag
ZwCreateFile
RtlInitUnicodeString
IofCallDriver
IofCompleteRequest
ObReferenceObjectByHandle
PsCreateSystemThread
IoAttachDeviceToDeviceStack
IoCreateDevice
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ZwQueryInformationFile
KeServiceDescriptorTable
wcslen
strrchr
wcscpy
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 754B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ