e204fd3dc3009354efe9e645002c8ecd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e204fd3dc3009354efe9e645002c8ecd_JaffaCakes118
Size

2KB
MD5

e204fd3dc3009354efe9e645002c8ecd
SHA1

3a8088cd0c73b34bfbabcdb2bc45a3da24ce39d1
SHA256

48ed09d2d029bd60341502ad750c941a4aa191d1cd5ad7cd878032e4d5592691
SHA512

e28fe0e3220e065b6b6609696b92f512813e9a40f3ebcf760890c737479acd4004e96b6baa978eeed21795f58fd6919f44034de18ae98525941459392d7e12a8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e204fd3dc3009354efe9e645002c8ecd_JaffaCakes118

Files

e204fd3dc3009354efe9e645002c8ecd_JaffaCakes118
.sys windows:5 windows x86 arch:x86

94d07a2c5b7927b63da16147d1edd21b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\1-4\3-16\killkb\objfre\i386\killkb.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
ZwOpenProcess
ZwClose
ZwTerminateJobObject
ZwAssignProcessToJobObject
ZwCreateJobObject
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 768B - Virtual size: 744B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 332B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ