b3087dd1282837481a16ee7daf23f664_JaffaCakes118 | Triage

Sharing

General

Target

b3087dd1282837481a16ee7daf23f664_JaffaCakes118
Size

5KB
MD5

b3087dd1282837481a16ee7daf23f664
SHA1

2b9e9f6639bd574da78e74f7403e4402b133c2ac
SHA256

07df4d61d9776449f4443035331c31e6b5822c5f754338c6b590bb21c845d94a
SHA512

df2474e326e35f45e521cddb2301e3dc22659b54f5b9e8c836097e033e7f2b90599b2ed9ba2c6dc5c074320803e14362a2288382d5232e8895afbc282e6a5f35
SSDEEP

48:qR0pOT19YXItQB6DcE1pMFdTjef85XTIVVZ1fFFKc8TMOnVfAKORrSbH+d:wgYt623MbPeCTqUc8TMI+1y+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3087dd1282837481a16ee7daf23f664_JaffaCakes118

Files

b3087dd1282837481a16ee7daf23f664_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca6325c8cced57ba84a6366d492cb2db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Projects\Finished\alerter\drv\bin\drv.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeDelayExecutionThread
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
ZwEnumerateValueKey
IoCreateSymbolicLink
ZwDeleteFile
strncmp
IoGetCurrentProcess
NtBuildNumber
ExFreePoolWithTag
ZwQueryObject
ExAllocatePoolWithTag
RtlCompareUnicodeString
IoCreateDevice
KeServiceDescriptorTable

hal

KeGetCurrentIrql

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ