b3cad0e125ff2647d815545eb410768e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3cad0e125ff2647d815545eb410768e_JaffaCakes118
Size

4KB
MD5

b3cad0e125ff2647d815545eb410768e
SHA1

9b6c4d7d48de6eba04c281d56a4f86423288c6f2
SHA256

7c10463cdc9cef8e32892bb633352c473596363b1e66f7c106e708a9b6d3d44d
SHA512

210cafd81b82c957e3ce3cb992ad13255476c33d9e96f58316908c88a15cca5a4639ea15118f28fe9ef4f0271a27eb48afd3d42cf4310f3643fc31e1d8f895d2
SSDEEP

48:SBFEod5a6atK5F56CeH1RrdAXPzz+AnoPIqPg+p9YPEqV7VwmRyA66bVVnTg9RrC:2Ff57R6CLX7CAnVgN7G4Ac1gjdXl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3cad0e125ff2647d815545eb410768e_JaffaCakes118

Files

b3cad0e125ff2647d815545eb410768e_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c609ce526b8ef0e7c12317e4fd5b7873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\maofang\benz\SYS\objfre\i386\KILLKB.pdb

Imports

ntoskrnl.exe

PsSetLoadImageNotifyRoutine
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenProcess
KeUnstackDetachProcess
ZwTerminateProcess
KeStackAttachProcess
PsProcessType
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
_stricmp
ZwClose
ObReferenceObjectByHandle

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 255B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 782B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ