a43fc5a924de271d21105d559d117763_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a43fc5a924de271d21105d559d117763_JaffaCakes118
Size

7KB
MD5

a43fc5a924de271d21105d559d117763
SHA1

c025639db6920dd2251384b3ae04a4bc6b9c56db
SHA256

a8b7952a428cf05d7780a6da936ba5acae80a1c0c408f33d96faaf8d1055e49d
SHA512

748cc6b3387e37e165711c08469501f6e4f1cdf37c325dfed237462d8ae125abedf1cc7af79b1ced72b5c602f50f00c1ed1c3404667429cd2d54187da78fdbd3
SSDEEP

192:qOSkVf4KaNEyhwsIdW3s4keWVfIwWJuvd:quassIdh4keWVfIwWwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a43fc5a924de271d21105d559d117763_JaffaCakes118

Files

a43fc5a924de271d21105d559d117763_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d95c0f7bf9b607cbb34dae0d9657ede4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
HalPrivateDispatchTable
KeFindConfigurationEntry
InbvDisplayString
KdDebuggerNotPresent
_strupr
strstr
MmMapIoSpace
atol

hal

READ_PORT_UCHAR
WRITE_PORT_UCHAR
HalQueryRealTimeClock
HalInitSystem
KdComPortInUse

Exports

Exports

KdD0Transition
KdD3Transition
KdDebuggerInitialize0
KdDebuggerInitialize1
KdReceivePacket
KdRestore
KdSave
KdSendPacket

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ