4c69438d4b541da3f21fe488a798c67a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c69438d4b541da3f21fe488a798c67a_JaffaCakes118
Size

6KB
MD5

4c69438d4b541da3f21fe488a798c67a
SHA1

b2b21d93756e7c6b145b19b91dffe71c9458455d
SHA256

265ace2ff8cd2c058a99ee5a79f20a2d1291b9a53a22ee22fbc6dc43adde54d3
SHA512

d3ff40f5707fe1a491ccc81efbf22b11a5375441f5044f08003c7d4bf117a3f87a90f4a044c4ea5bab8410c024222e4ef1780167201d73fbfb35767a1ac1c000
SSDEEP

96:HS/qH2w+yTTUPxhjFpSIHo/N4qgwwNhScFBIY2nhPGSB:HS/qWTcAxhjFpXHoF4vxNhfI5gu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c69438d4b541da3f21fe488a798c67a_JaffaCakes118

Files

4c69438d4b541da3f21fe488a798c67a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e0fb1dcb01d12ffa65b4153b029c777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\我的代码\kvsys\Release\kvsys.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
MmIsAddressValid
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
ZwOpenProcess
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
RtlFreeUnicodeString
RtlCompareUnicodeString
KeServiceDescriptorTable
memset
IofCompleteRequest
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ