5a92d8865c27c49e2a0cbec4ba941e0b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a92d8865c27c49e2a0cbec4ba941e0b_JaffaCakes118
Size

3KB
MD5

5a92d8865c27c49e2a0cbec4ba941e0b
SHA1

81132f886351c975a7a61122f28ae348568ea9fc
SHA256

3b6dd94db8ab03ca9f78676e34e7fd937c5a06e6ab964f690d4553d17b52bb3a
SHA512

1e838bec7f611951d3327bd5a7e98c98847f36914e880dbe708d586ced38ac294accdb1335c6f6227f9c9eee10f80fe4296a95b7466a4b315f7c5cca3344cf7d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a92d8865c27c49e2a0cbec4ba941e0b_JaffaCakes118

Files

5a92d8865c27c49e2a0cbec4ba941e0b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

edf700a6c774d8dd7079dac8ccb09562

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Sys\MyRootKit\objfre\i386\MyRootKit.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
ZwOpenProcess
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwTerminateProcess
KeServiceDescriptorTable
IoDeleteSymbolicLink
ZwClose
MmGetSystemRoutineAddress
RtlInitUnicodeString
sprintf
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
IoDeleteDevice
IofCompleteRequest

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 658B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ