38c0426caaab755637b19884cb785e6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c0426caaab755637b19884cb785e6a_JaffaCakes118
Size

7KB
MD5

38c0426caaab755637b19884cb785e6a
SHA1

f371938d3ef64a29d23fd5d4b6680fc00030cc1d
SHA256

dc799943376f4d4be0dbf2600641311e1b6d6fbe934c5b4c109e609f36780ecd
SHA512

d4e99cb6438c4515ed8794c243b36014f3b8708437b7ca7745ee0363ba18ad40b3059137f66f6cf6845bceeec2450dc4fd98fb6ee04431c0dffd0bacc801da78
SSDEEP

96:U67PZh0kxiUP8AslLRjSFaoywHzsKt6IjywKk0Td:Uw0kxieMtRGFaoZQKtXlv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38c0426caaab755637b19884cb785e6a_JaffaCakes118

Files

38c0426caaab755637b19884cb785e6a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6d0202b94dfa511726a1b8457af20f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DDK_Work\BO_FU_Rootkit1\BO_FU_Rootkit\exe\i386\bodrive.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoFreeMdl
MmUnmapLockedPages
ExFreePoolWithTag
ZwQueryDirectoryFile
ExAllocatePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
IoDeleteDevice
DbgPrint
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
IoGetCurrentProcess
KeTickCount
RtlCompareMemory
KeServiceDescriptorTable
strncmp

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ