afbc986109ee1450f2056fcc277e438f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afbc986109ee1450f2056fcc277e438f_JaffaCakes118
Size

6KB
MD5

afbc986109ee1450f2056fcc277e438f
SHA1

ae37fd1f4cb1e793a7c0901713ce311105ee61b9
SHA256

ac6c61be93413302a1f62b0a6e3782cb38e5c02404a507becbbd1a9afed2544b
SHA512

254d465a09664df01e8b7e2aad8702aa526e0a8a99144e280d8195d693c585d94aaac2cd57af6e82b145f442fd6ec9636e1a7ebbd7d57155d4f606b5ba4dc8c9
SSDEEP

48:AQ+c9WYXn7VM6IU08fsk0sk0almK1ER3zKuHn749o3fTVQaRWt+Atve0mhpKEOsD:rBV08f8mKSR3ez9qflAjef13C5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afbc986109ee1450f2056fcc277e438f_JaffaCakes118

Files

afbc986109ee1450f2056fcc277e438f_JaffaCakes118
.sys windows:6 windows x86 arch:x86

5dc5e1879517add633136b415416e9f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\icyheart\docume~1\visual~1\projects\download\create~1\objfre_wxp_x86\i386\CreateHook.pdb

Imports

ntoskrnl.exe

strchr
DbgPrint
RtlCompareString
RtlInitString
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlFreeAnsiString
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
memcpy
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ