d5d338c404feb441a4b722be0e2addad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5d338c404feb441a4b722be0e2addad_JaffaCakes118
Size

2KB
MD5

d5d338c404feb441a4b722be0e2addad
SHA1

de00bcf605a225aedb6e2d46bd08a8fb46c2079e
SHA256

35b03e5bc1683e61db0b30ef038fd2fb44d4a6e51134408d97a7275065df4a84
SHA512

a116763250119fd8302813bc9e1d572ea22f1e3d91725429b2d14689938e5c4044663d2361a7bea5f726204d108ddf0d73f698661965d97d86f6ecfd01401b37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5d338c404feb441a4b722be0e2addad_JaffaCakes118

Files

d5d338c404feb441a4b722be0e2addad_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d1b5da5ca0d1d01b5051adfbe9d848a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\网络公布版本\MINISAFE\i386\MINISAFE.pdb

Imports

ntoskrnl.exe

IofDompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
PrObeForRead
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3

Sections

.text
Size: 640B - Virtual size: 524B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ