f346bd13f976b3241f5390414c491799_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f346bd13f976b3241f5390414c491799_JaffaCakes118
Size

4KB
MD5

f346bd13f976b3241f5390414c491799
SHA1

553d3fac016b7e55afed561ae14f74aee76817fd
SHA256

ac7e5bc33814976e5687b450c1eea6db61656a7c1ca22d74f58b6b249c4ac068
SHA512

45d05d4be685d8faad0fcac0f824cf33acf699829c2bc9d49928a06fb24f14c425bfe6b9cb9dc0e5bb21e2702cc50b36bdaa58effa4ff1299725e3fe6762611d
SSDEEP

96:CQnZcSTViyEFXhyXv603bUm3FtpMvcrjiRIGlHI0DPxC:PnZcSTViyEG3zfMvcrjiRxo0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f346bd13f976b3241f5390414c491799_JaffaCakes118

Files

f346bd13f976b3241f5390414c491799_JaffaCakes118
.sys windows:5 windows x86 arch:x86

27be06e0bd9c6d47886314f14d216b63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ExFreePoolWithTag
ObQueryNameString
ExAllocatePoolWithTag
MmIsAddressValid
_except_handler3
memcpy
memset
wcsstr
ZwClose
ZwCreateFile
RtlInitUnicodeString
CmRegisterCallback
CmUnRegisterCallback
IoDeleteDevice
IoDeleteSymbolicLink
DbgPrint
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 247B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 704B - Virtual size: 698B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 224B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ