G:\编程\木马\gh0st3.6_src\Server\sys\i386\CHENQI.pdb
Static task
static1
General
Target: ddcd9413ef01957bc1da79189939ba00_JaffaCakes118
Size: 8KB
MD5: ddcd9413ef01957bc1da79189939ba00
SHA1: ac59d370977f80fb1806fec7c74513a1bf908fae
SHA256: 358e30d3aebab8d5d943d752f4f181a01a2c290d8daf81db6a14665cd407c1f4
SHA512: 47651fc41305efecccb3c24ee1fcb05654233e274c05cbce63206be3096a86a289e5e1f3cb2f2bd6d8ba9b7f2188ff6591f61892f2e594f2950ede98813d5118
SSDEEP: 192:FW3pi29NyWyaWspC5FzPrzsp+3RqR5yrn:o5i2DyWyaWHrs+22
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: ddcd9413ef01957bc1da79189939ba00_JaffaCakes118
Files
ddcd9413ef01957bc1da79189939ba00_JaffaCakes118.sys windows:5 windows x86 arch:x86
f8bb4a95f22f29de9845f75bdf69e798
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3
IoAttachDevice
IofCompleteRequest
hal
IoFlushAdapterBuffers
Sections
.text Size: 640B - Virtual size: 548B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 189B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 390B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 82B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ