43c5cac18219d9fbcb5fa75df5b74ad0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43c5cac18219d9fbcb5fa75df5b74ad0_JaffaCakes118
Size

6KB
MD5

43c5cac18219d9fbcb5fa75df5b74ad0
SHA1

f15c70cbe348e8359864b0e487fcf73947e1f25c
SHA256

e9fe4bacd31023e2018b014c4f0458a5c12ca40b1737503c60dae3e67a1a6ffb
SHA512

d02294d4f6655443b392700a1b69f1e6a4258d3adb389a1e3f1c978133314966a18809f383266aabd8a492204a73160cce3f38f13efbe73796ab3eb9ba7d9262
SSDEEP

96:pfA6xx4vOf4lZ9RrgoOTe5AvwMl8Kz41QC4:y6YWc9RrOtyK6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c5cac18219d9fbcb5fa75df5b74ad0_JaffaCakes118

Files

43c5cac18219d9fbcb5fa75df5b74ad0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

40cb233c0a4f27aa6ef3a4972a2acf90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WorkCode\种子系统\合作种子2\下载器II\Release\i386\VideoCapPCI2.pdb

Imports

ntoskrnl.exe

strncmp
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoGetCurrentProcess
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_snprintf
PsGetCurrentProcessId
DbgPrint
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 309B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ