05f598dc5c3f1f755ff5227daae1de73_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05f598dc5c3f1f755ff5227daae1de73_JaffaCakes118
Size

6KB
MD5

05f598dc5c3f1f755ff5227daae1de73
SHA1

242b008b6097bec8aba68639e61439b12c1d275b
SHA256

69e634f9a39274622e80b715a2be583e0b268ed10d7e93f4dbb411c188bd411f
SHA512

9975e44102113414f6fd84249175bc7882872f4bba4f9d75901c7a030c5f8bfbcda6a2c2c19bb5ed0ea9c0384ff0b867f9e637456f2891a38aff22278983878e
SSDEEP

96:NFnXhBlp2wT912JBa3jCwybSQXihqb3yiSo1JO/gImn81y:blp20DYazPyb7ihqb3y/oDOIpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05f598dc5c3f1f755ff5227daae1de73_JaffaCakes118

Files

05f598dc5c3f1f755ff5227daae1de73_JaffaCakes118
.sys windows:5 windows x86 arch:x86

79c8881d01327f080c8fd103bfe19bbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\临时目录\KillEXE-ByPspTerminateThreadByPointer\sSys\objchk\i386\KillProcess.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ObfDereferenceObject
ObfReferenceObject
RtlAssert
DbgPrint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTerminateThread
IoDeleteSymbolicLink
IofCompleteRequest
PsLookupProcessByProcessId
MmUnmapViewOfSection
ZwClose
ObOpenObjectByPointer
KeDetachProcess
ZwTerminateProcess
KeAttachProcess
MmGetSystemRoutineAddress
_except_handler3
RtlInitUnicodeString
MmIsAddressValid

hal

KfLowerIrql
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 339B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 776B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ