Static task
static1
General
Target: f17c8dd58d4b51f265041a4ac1fe60ea_JaffaCakes118
Size: 20KB
MD5: f17c8dd58d4b51f265041a4ac1fe60ea
SHA1: ceb59983c11717b6d1bd7867766fb12282e3ead4
SHA256: cff6d09121c8836e6c930577062efd55eaecf098a7f93a11e1c31ba15e1bd033
SHA512: 4014fff3aec639b60a62dea7f33e33723356b2534df0630a0accc582f32494b14189f6efac42812651f9e63f3381e34edfc2048de1482488b3e8c54f608a21fe
SSDEEP: 384:uHhIHwSPflqdy9qZP30XK+BdWVLLJBiLb7m5YPTI4o:XwSM+BMBLJBOTI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f17c8dd58d4b51f265041a4ac1fe60ea_JaffaCakes118
Files
f17c8dd58d4b51f265041a4ac1fe60ea_JaffaCakes118.sys windows:4 windows x86 arch:x86
b63692ba59f2590d69b5ef42e4e71263
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwOpenThread
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwSetValueKey
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
ZwOpenProcess
ZwDeleteFile
ZwCreateKey
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 816B - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 606B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ