4aada9d9f6ba8ec10f084b23236a38bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4aada9d9f6ba8ec10f084b23236a38bd_JaffaCakes118
Size

3KB
MD5

4aada9d9f6ba8ec10f084b23236a38bd
SHA1

0d7f03b9510f2d0427f96bd0fb3ef2fade12820c
SHA256

25cc64eb332494cab026d0c032493ba695be50c2ac3a57c37222d84903775777
SHA512

298e0aba39ba7703defdf804473a14f031ff1d639ea8d72739e34784bc6953b359bd6adfc2ef40788b4317f9d96822bf002f8d1c4ef1588f0d1a08c18ccaec9d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aada9d9f6ba8ec10f084b23236a38bd_JaffaCakes118

Files

4aada9d9f6ba8ec10f084b23236a38bd_JaffaCakes118
.sys windows:5 windows x86 arch:x86

b18243f2ff43a2c11ef1e05d68f8fe81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\工作\风云13\processhide\objfre_w2K_x86\i386\PorcessHide.pdb

Imports

ntoskrnl.exe

RtlCompareUnicodeString
RtlInitUnicodeString
ZwQuerySystemInformation
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
KeTickCount

Sections

HOOK
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UNHOOK
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PATCH
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SETHOOK
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UNLOAD
Size: 256B - Virtual size: 215B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENTRY
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b18243f2ff43a2c11ef1e05d68f8fe81

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

HOOK Size: 256B - Virtual size: 172B

UNHOOK Size: 128B - Virtual size: 32B

PATCH Size: 128B - Virtual size: 92B

SETHOOK Size: 128B - Virtual size: 46B

UNLOAD Size: 256B - Virtual size: 215B

ENTRY Size: 512B - Virtual size: 434B

.text Size: 128B - Virtual size: 12B

.rdata Size: 256B - Virtual size: 167B

.data Size: 128B - Virtual size: 12B

INIT Size: 512B - Virtual size: 396B

.reloc Size: 128B - Virtual size: 110B

HOOK
Size: 256B - Virtual size: 172B

UNHOOK
Size: 128B - Virtual size: 32B

PATCH
Size: 128B - Virtual size: 92B

SETHOOK
Size: 128B - Virtual size: 46B

UNLOAD
Size: 256B - Virtual size: 215B

ENTRY
Size: 512B - Virtual size: 434B

.text
Size: 128B - Virtual size: 12B

.rdata
Size: 256B - Virtual size: 167B

.data
Size: 128B - Virtual size: 12B

INIT
Size: 512B - Virtual size: 396B

.reloc
Size: 128B - Virtual size: 110B