d:\programs\remover2\restore\objfre_wxp_x86\i386\restore.pdb
Static task
static1
General
Target: dfc1eb5347cb26eea5f4f03f98a3192c_JaffaCakes118
Size: 8KB
MD5: dfc1eb5347cb26eea5f4f03f98a3192c
SHA1: a9bb1ea7504b475c9f8df5165a7494300311b2dc
SHA256: c01a748ee7b73c17c88e46a4f9e50b7a1edc813a9416dd2a5a17b500733fe844
SHA512: 613bf181d02f7ee71e2c4c919a3a49a5ab495f5f0ac3ec10761842cb5e863a959a95db9cba2438375dbe9d7723b657845f894c111a7f45f793319f3754a027b4
SSDEEP: 192:Br/tXpGb5rtNKnEy6ozmUJm4b3svBqHvX3:xZpwvNyXXmU7IvBqHvH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dfc1eb5347cb26eea5f4f03f98a3192c_JaffaCakes118
Files
dfc1eb5347cb26eea5f4f03f98a3192c_JaffaCakes118.sys windows:6 windows x86 arch:x86
0ba2cb7498834953f81bd2453ce71718
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
RtlInitString
ExAllocatePool
ZwQuerySystemInformation
memset
memcpy
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
NtBuildNumber
KeServiceDescriptorTable
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
KeTickCount
KeBugCheckEx
RtlUnwind
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 586B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ