96741366b2de37bcda74d7c65bf96230_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96741366b2de37bcda74d7c65bf96230_JaffaCakes118
Size

4KB
MD5

96741366b2de37bcda74d7c65bf96230
SHA1

c1ebc9107128469d71b1daebd84430af85d220c4
SHA256

d47ffb0467106ae42bf948d88a43bf6bfc1641898e9a18d769927d2bf61f730b
SHA512

f37a2b50e182820d2baf436e0762c9820a1bc8663b0c944bb9cad372e6764f4f53b32170e84d973b572adb617bfb848d4cd4fe9b3b7d59ff0cf4606e9884c380
SSDEEP

96:rUeckWCNtYXcrGyMy9DHcDSPsyEaPNWNZ5PnY:rHxWCNnFMJDys3aPNaZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96741366b2de37bcda74d7c65bf96230_JaffaCakes118

Files

96741366b2de37bcda74d7c65bf96230_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d592ccd2a7532a2030693c283f1e7efa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\av0624\nt2\i386\Smars.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwUnmapViewOfSection
IofCompleteRequest
DbgPrint
MmFreeNonCachedMemory
KeServiceDescriptorTable
IoDeleteDevice
ProbeForRead
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
MmAllocateNonCachedMemory
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ProbeForWrite

hal

HalTranslateBusAddress

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ