aea68f2e0559fa8a03faf57ba3ead59a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aea68f2e0559fa8a03faf57ba3ead59a_JaffaCakes118
Size

4KB
MD5

aea68f2e0559fa8a03faf57ba3ead59a
SHA1

a20df897bc7b036006e62baae16fad363007db36
SHA256

1615cd4eaf3b1e87e78f036de715f36a1c23f5ebc10af0e903f03976bfdf513a
SHA512

c1b794e071003c0c8b806e9b6405305a5ab1883c63602c50c568b9e8aec4be46c48c7eb921b5bf1fdd3c687f4b490a4578b569c5942874c63737ca9d817f20b6
SSDEEP

48:iX80SAV65PTAp0lG7Qgv+bcEBxeGCiEBkqkE+yGTgsLCsZnyRKOR:O8p50p8uQbbcE+GCiEBkZE+y0LCsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aea68f2e0559fa8a03faf57ba3ead59a_JaffaCakes118

Files

aea68f2e0559fa8a03faf57ba3ead59a_JaffaCakes118
.sys windows:6 windows x86 arch:x86

0520fb3b2836b828fb63930ddcdaefa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\7600.16385.0\src\objfre_win7_x86\i386\KernelKill.pdb

Imports

ntoskrnl.exe

DbgPrint
PsTerminateSystemThread
PsLookupProcessByProcessId
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
KeTickCount

Sections

.text
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 463B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ