40d69aa84df26b4781adbd08278a21cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40d69aa84df26b4781adbd08278a21cb_JaffaCakes118
Size

7KB
MD5

40d69aa84df26b4781adbd08278a21cb
SHA1

3663911d87536cb5aa46ddba2e21be7c70b25a44
SHA256

7fb3bfd70cdf8253c897675cf6c0f9d88c1d646f4347b3055187f1f5738dd608
SHA512

3d144737c650c88e73432968ce2d6c31afcf441c48f2ce55349dd16f448249a2eb0ef4ac9a21f55b9f1d0cdaca65a2b515df9ac1298bc4551809b468fe32eb0b
SSDEEP

192:ZwUCoWeW7Wdzbposk1IOpuNQpWLoWseVsX:ZwUCoWeW7WpeOODpWLoWDsX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40d69aa84df26b4781adbd08278a21cb_JaffaCakes118

Files

40d69aa84df26b4781adbd08278a21cb_JaffaCakes118
.sys .js windows:5 windows x86 arch:x86 polyglot

0e958bb9c0cd4569b69664f970fbd7a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\all\downloader_sys_new_2011_2_15\iocompleterequest_file_dkom_kebugcheck_stable_simplify_add\objfre_wxp_x86\i386\AK922.pdb

Imports

ntoskrnl.exe

_except_handler3
IofCompleteRequest
PsGetVersion
wcslen
MmMapLockedPagesSpecifyCache
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
DbgPrint
RtlInitUnicodeString
MmGetSystemRoutineAddress
_wcsnicmp
KeDelayExecutionThread

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ