25d9440f587d5b0c6320751758618500_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25d9440f587d5b0c6320751758618500_JaffaCakes118
Size

23KB
MD5

25d9440f587d5b0c6320751758618500
SHA1

3c39b142eca42aa51911ee93861b9bc17226444d
SHA256

b7026f0c228b5a9bc4697ea34af718ea91f1360c917e7d09f5e951cae4226b8a
SHA512

64fa1a5dd66a93cdcab90f4a3429daefd3cb0aad8d01d6562d905ae5bf5a732130bc002c7f39e67a3ce5275fe891fa38234fa138d08c3ac6b74ceccecd6e1c0f
SSDEEP

384:g43Tu0FjGcgR70QA+5bhzVj4/9wEKjEJ0D+nOW2:g23j40QAGP6wEKjT4D2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25d9440f587d5b0c6320751758618500_JaffaCakes118

Files

25d9440f587d5b0c6320751758618500_JaffaCakes118
.sys windows:6 windows x86 arch:x86

b0edd518ec446bfcaad04819aa1a2b85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hacklab\win\drivers\h105d\objfre_wxp_x86\i386\h105d.pdb

Imports

ntoskrnl.exe

ObfDereferenceObject
ObReferenceObjectByHandle
strncmp
strncpy
PsGetProcessImageFileName
IoGetCurrentProcess
NtMapViewOfSection
PsGetVersion
ZwQuerySystemInformation
PsLookupProcessByProcessId
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
memcpy
MmIsAddressValid
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
memset
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupThreadByThreadId
ZwReadFile
ZwQueryValueKey
ZwQueryInformationFile
KeTickCount
KeBugCheckEx
_strlwr
RtlUnwind

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ