PDB path: h:\newcode\ssdt\sys\i386\CrackMe.pdb
Static task
static1
General
-
Target
47253ee162108bec0aacae653d9c6752_JaffaCakes118
-
Size
4KB
-
MD5
47253ee162108bec0aacae653d9c6752
-
SHA1
7465c8a31377ba69eed298aba4b2a9e4b4af7a8a
-
SHA256
11e33dd3aeca966cfe669d4ed07567b7aabb2b616f5712dd9e43da828d2e0aca
-
SHA512
d6603c5ba60b88b6270192e395af2575c4340adbe82076e786a05ca10fcb833ff4cae7c3657c857299ed282d4426d85ffc52b883f67b5fda872255e3578a71e6
-
SSDEEP
96:aQRG3ZzcWu5tfrfazo2yTeqShQbUGHP16+vU889:aQ03ZzURC2TPaQHdsb9
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 47253ee162108bec0aacae653d9c6752_JaffaCakes118
Files
-
47253ee162108bec0aacae653d9c6752_JaffaCakes118.sys windows:5 windows x86 arch:x86
a75b7b8a0ec59e2b1953cf5088b5002f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
h:\newcode\ssdt\sys\i386\CrackMe.pdb
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtBuildNumber
ZwTerminateProcess
MmIsAddressValid
NtOpenProcess
KeGetCurrentThread
ZwClose
ObOpenObjectByPointer
PsLookupProcessByProcessId
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
DbgPrint
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ