5abe154036225efdf310a5b57f45a394_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5abe154036225efdf310a5b57f45a394_JaffaCakes118
Size

2KB
MD5

5abe154036225efdf310a5b57f45a394
SHA1

73390d44d3431ca2aef9ab93b27534cf33eb9549
SHA256

6b0e49a74873817c92a2dd1d323ddc789b25c9c77a6c461e5791ec8ad1f1bd7a
SHA512

4a0000f6d09b9b4c19e2960c06dfc701c0b9c2878ba00699f1c166baee46820dd7548511ca00661c46ea0d209abd0dacaf5af91e83f90c782c1a7da67332ff01

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5abe154036225efdf310a5b57f45a394_JaffaCakes118

Files

5abe154036225efdf310a5b57f45a394_JaffaCakes118
.sys windows:5 windows x86 arch:x86

94d07a2c5b7927b63da16147d1edd21b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\1-4\3-16\killkb\objfre\i386\killkb.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
ZwOpenProcess
ZwClose
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
IoCreateSymbolicLink
IoCreateDevice

Sections

.data
Size: 896B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ