d:\dk\rwm\objfre_wxp_x86\i386\rwm.pdb
Static task
static1
General
Target: 72f0a272cc8ed31a6c7e9d6889f1fb79_JaffaCakes118
Size: 209KB
MD5: 72f0a272cc8ed31a6c7e9d6889f1fb79
SHA1: 8b767cc1a006ea6b1d274217587b0e880c84d288
SHA256: 9e6f3c8077e3f8ff261b5333bd22be47c32379c09c9114a262c625608b341312
SHA512: f8e6fc0b4b1dbe83a7739d393546c081cadf4f26a525706d9c865c24a8bc3cc4e5889218692e2f76ff48d88d00584753f68b6f4ab9f03105ab02f3a23b6e3d52
SSDEEP: 3072:p3qW7U/OgMJ1/ikLmT3bi3oUK4EOrMN7hV609XV4Y6z0RjCnt/zooO:kG7L43+mOCs0J2Y20Ut2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 72f0a272cc8ed31a6c7e9d6889f1fb79_JaffaCakes118
Files
72f0a272cc8ed31a6c7e9d6889f1fb79_JaffaCakes118.sys windows:5 windows x86 arch:x86
790a705bb6e01a5ec06e60aeca34cb54
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
DbgPrint
ExFreePoolWithTag
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
ExAllocatePoolWithTag
PsLookupProcessByProcessId
_except_handler3
ProbeForWrite
MmIsAddressValid
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 554B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ