ae603e302dbc1c9f7a178b5313952fe8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae603e302dbc1c9f7a178b5313952fe8_JaffaCakes118
Size

5KB
MD5

ae603e302dbc1c9f7a178b5313952fe8
SHA1

59d1d9c1420d37526491cb65ac75055a9f456b6e
SHA256

fb953e2d50d22fd2375548603185b4ca847315c9fdb537376055e03e5fa2c7b3
SHA512

ebb8a353a36f2727bb81f6bc8d4669febfe6ab367ca0300e2dd38ab225cada225a389fd20668355f3b475c1ab0aa1f93b0c575c618a4d8017d988054a397ff05
SSDEEP

96:TdC8YFCoM1gcdEroMBghd9e29wjGhHErHCxC2PJAkDIN+tne+uuEY3:M5yVdys429wjGRAC1zsN+teRuE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae603e302dbc1c9f7a178b5313952fe8_JaffaCakes118

Files

ae603e302dbc1c9f7a178b5313952fe8_JaffaCakes118
.sys windows:5 windows x86 arch:x86

f7adc469f08047a7bff7e4aeba8af0e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\2600\src\VRoot\sys\i386\VRoot.pdb

Imports

ntoskrnl.exe

ZwLoadDriver
ZwCreateFile
ZwCreateKey
ZwUnloadDriver
ZwQuerySystemInformation
ZwOpenKey
KeServiceDescriptorTable
wcsstr
ZwQueryDirectoryFile
DbgPrint

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 354B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ