e2536fe7c31f171d2d61f3d2cb94e85e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2536fe7c31f171d2d61f3d2cb94e85e_JaffaCakes118
Size

8KB
MD5

e2536fe7c31f171d2d61f3d2cb94e85e
SHA1

672969d30de4af2408b8878a6d1e75fe27414434
SHA256

743423c2691a37d5284f094c7325789b203242d44710b1a6c3806c9eddec689c
SHA512

51134962b88279698d71a7d002a71eae580e8f0e6c1127b4af398b487e01ada43333290375f361c9a67f2a1eafbac3d0870a2a8b3bd3cd2b32e511504db561de
SSDEEP

192:8l2tiGoZi4a37xYSFSSXEYEsgkCAKu9CRN2SMOmEIyxzGFAOzr3x7QU++Bxp:EwiG4i4K96rktKPRN/gBFNtl5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2536fe7c31f171d2d61f3d2cb94e85e_JaffaCakes118

Files

e2536fe7c31f171d2d61f3d2cb94e85e_JaffaCakes118
.sys windows:4 windows x86 arch:x86

37d7d43d8af67d691484420536d9ce54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisGetCurrentSystemTime
NdisRegisterProtocol

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
MmIsAddressValid
IoGetCurrentProcess
PsLookupProcessByProcessId
ObDereferenceObject
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
PsGetCurrentProcessId
IoCreateFile
IofCallDriver
ZwAllocateVirtualMemory
RtlCompareUnicodeString

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 594B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 688B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ