g:\source\cg\cgall\pcidisk\objfre_wnet_x86\i386\pcidisk.pdb
Static task
static1
General
Target: 4052ea6b8a1f60fc246276f9fbb0fa9a_JaffaCakes118
Size: 6KB
MD5: 4052ea6b8a1f60fc246276f9fbb0fa9a
SHA1: db14cc6e20db760c898761dbc5fa4eb4ebace3f3
SHA256: 0cbb0373e75c1ce5e68ef4b7895ee5409b811cadcd928ed339502693e31f6279
SHA512: 54b000801a0b40d3f84ac8d3c9fa5f0103e93d2453f602d33bbb5b78e940ac661bb48ce115b572e9cc5b14da61af168b47bd795f7304749d14c57c921f3b3b0e
SSDEEP: 96:QFx39dWMnrM1lhm6muyRznKEYfCR3GtshE6dG:exrMvh67KEXRVE
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4052ea6b8a1f60fc246276f9fbb0fa9a_JaffaCakes118
Files
4052ea6b8a1f60fc246276f9fbb0fa9a_JaffaCakes118.sys windows:5 windows x86 arch:x86
2e5bd4a6a8eb7445bc9c0a961ba11d06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
DbgPrint
MmIsAddressValid
MmGetSystemRoutineAddress
PsGetCurrentProcessId
IofCompleteRequest
ObfDereferenceObject
IoGetDeviceObjectPointer
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 582B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ