64b4c7454901bec46d71801868c6d864_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64b4c7454901bec46d71801868c6d864_JaffaCakes118
Size

5KB
MD5

64b4c7454901bec46d71801868c6d864
SHA1

850a234e47e96876d3c4dfd8d3bd4d0763cd4b1c
SHA256

7fe9fca15628c61001c75daf4c187283d31858543f21137f4ff5eaace56bf5be
SHA512

72002822f72c45959b131db8eccdef09340ad4072629bcbe4e867da7bd35b326d9c008c91f8368187dfd74e1d0229b315fb94f57d10d97426c912b0d8b0364b9
SSDEEP

96:oEQu1KygTcrKIjuGi0k9yMZMHhMsqdgsL9o40:oC1ETKRi0KyaTdNb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64b4c7454901bec46d71801868c6d864_JaffaCakes118

Files

64b4c7454901bec46d71801868c6d864_JaffaCakes118
.sys windows:5 windows x86 arch:x86

9d785ef454de36a116c322a886d4e5e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\CPP\driver\fuse\fuse\objfre_w2k\i386\fuse.pdb

Imports

ntoskrnl.exe

KeSetEvent
wcsncpy
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ExFreePool
MmUnlockPages
IoFreeMdl
PsSetCreateProcessNotifyRoutine
MmMapLockedPagesSpecifyCache
RtlInitUnicodeString
IoAllocateMdl
ExAllocatePoolWithTag
KeServiceDescriptorTable
ZwDeviceIoControlFile
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
ZwOpenSymbolicLinkObject
MmProbeAndLockPages
ZwQuerySymbolicLinkObject

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 261B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 830B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ