42e22805bfdc85d67da140e8ff9e051b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42e22805bfdc85d67da140e8ff9e051b_JaffaCakes118
Size

5KB
MD5

42e22805bfdc85d67da140e8ff9e051b
SHA1

05284775cfc11a5fb9d848414a28923baf4e8961
SHA256

ece0a72a11f072da0b01b5acebac832c142853e2441eac108e6382ced5df5956
SHA512

f5217975c748c89b2868f4a64bc507d01c0ebe6ff8b69ca24c27f1ecae06132dca640d8eb1976c8dc4ecd5c118c2c5598b3706c76b042a69a722a6e6cd445b68
SSDEEP

48:AQ+7EXjes7dKWk9s9D96D6yk0Qk0aBpgQ3zKIHn7Q9o3fTVQaRWtcAA2ne0mhpKL:rDTSqh6LpgQ3e59qflA+Yef1Gm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42e22805bfdc85d67da140e8ff9e051b_JaffaCakes118

Files

42e22805bfdc85d67da140e8ff9e051b_JaffaCakes118
.sys windows:6 windows x86 arch:x86

5dc5e1879517add633136b415416e9f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\icyheart\docume~1\visual~1\projects\download\create~1\objfre_wxp_x86\i386\CreateHook.pdb

Imports

ntoskrnl.exe

strchr
DbgPrint
RtlCompareString
RtlInitString
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlFreeAnsiString
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
memcpy
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ