D:\maofang\benz\SYS\objfre\i386\KILLKB.pdb
Static task
static1
General
-
Target
a7bde06cc314286b784ebc7ea3012940_JaffaCakes118
-
Size
4KB
-
MD5
a7bde06cc314286b784ebc7ea3012940
-
SHA1
68c1a29d1e9f1670b882eb22ccfb98315e53ae57
-
SHA256
d19599691f3476113c2978fffbcca69facee81ac831f71dfb218d021a189803a
-
SHA512
3ece82d4097fa6291a5d63fcf85433b6edb94091891a9ebc6bf2919d1ca0b11d5cca88c91f7b0dde60fa025c611ac77558e064d1f527c3b66dff45d2bd02bab3
-
SSDEEP
48:SWVKJ5QSAJF+9y6hnH1d3AXSD3Hn7KJV6aoopp/qV7VwmRyA66bVVnTg9Rrgjde:IJ5Qzfb6hsXUXnmVyo/xAc1gjde
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a7bde06cc314286b784ebc7ea3012940_JaffaCakes118
Files
-
a7bde06cc314286b784ebc7ea3012940_JaffaCakes118.sys windows:5 windows x86 arch:x86
c609ce526b8ef0e7c12317e4fd5b7873
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
PsSetLoadImageNotifyRoutine
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenProcess
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsProcessType
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
_stricmp
ZwClose
ObReferenceObjectByHandle
hal
KfLowerIrql
KeRaiseIrqlToDpcLevel
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 255B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 782B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 162B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ