f249caadb8da1e185b704209e4d2f9f7_JaffaCakes118 | Triage

Sharing

General

Target

f249caadb8da1e185b704209e4d2f9f7_JaffaCakes118
Size

13KB
MD5

f249caadb8da1e185b704209e4d2f9f7
SHA1

1e3520667c474d089e6f1c517c3e126686a12fe9
SHA256

7865f30695b006e3390febc189c8c1b8900b9874358b03c1b040739a5a78fd8b
SHA512

8520ff156ae8a2ba6fd578c4b2efb3f2ab084a6c136f77de6e8d32f47583d09097f50945f6ccdbf74b83dde1a9884dfc91c5f32e0f769981ab759a3e94842433
SSDEEP

192:WXH4Na5VqXVEfp+0bZiTAEx5lSVYiGfh7R+RgbZlDTCBGE1sLIuXfLB:WXH4NIJh77EHlOb8EoZlHmDSxF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f249caadb8da1e185b704209e4d2f9f7_JaffaCakes118

Files

f249caadb8da1e185b704209e4d2f9f7_JaffaCakes118
.sys windows:4 windows x86 arch:x86

ef9301ebd4d6ab9900054103b8cf1fee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
ZwQueryInformationProcess
KeServiceDescriptorTable
_except_handler3
KeInitializeEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ