b98227eb4be5adb5477ac04e17efd517_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b98227eb4be5adb5477ac04e17efd517_JaffaCakes118
Size

7KB
MD5

b98227eb4be5adb5477ac04e17efd517
SHA1

3727b453e49b357b546e2a398c69fbbf6afd8431
SHA256

d001ffe8f317b6453b2d5abc5ce0e2fa7e4a5868ad64a21df16537ffdb0864a0
SHA512

1f2a94c193e7cac5341c2cae4854241de979009fedad52210f349599f70ecd71c9f3f5641f541740c417685356bce0f1112e12c6ccfc136fc88411f5fb87c2f3
SSDEEP

96:qOj2vrkr5mpk4KaNj4yfvxwsIdqVvcxOs4kFEWcYRfIwWwkD:qOSkVf4KaNEyhwsIdW3s4keWVfIwWb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b98227eb4be5adb5477ac04e17efd517_JaffaCakes118

Files

b98227eb4be5adb5477ac04e17efd517_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d95c0f7bf9b607cbb34dae0d9657ede4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
HalPrivateDispatchTable
KeFindConfigurationEntry
InbvDisplayString
KdDebuggerNotPresent
_strupr
strstr
MmMapIoSpace
atol

hal

READ_PORT_UCHAR
WRITE_PORT_UCHAR
HalQueryRealTimeClock
HalInitSystem
KdComPortInUse

Exports

Exports

KdD0Transition
KdD3Transition
KdDebuggerInitialize0
KdDebuggerInitialize1
KdReceivePacket
KdRestore
KdSave
KdSendPacket

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ