Static task
static1
General
Target: fd3a1c7822b43f639be1c98fcb55296b_JaffaCakes118
Size: 4KB
MD5: fd3a1c7822b43f639be1c98fcb55296b
SHA1: 89c48118da3dda10b5eceb7735cc00e165e2e711
SHA256: 6575b9339e790f02fe1a70bad303489b0f433a38e32345fc2a0241b634b0148d
SHA512: d3c3471807210a7636ea30c6ba2e9c69ab20cf50c71a6a338f55eead20bc6bd646973a22a340a4184ba1a644f9ef72dd663b2a816347d7e989b760e3e2b0c91d
SSDEEP: 96:Bro+Mp84+LktK6KeW6vZNjKsjBEaiHB/w/sw39mZ:PTXLktKpBSNiHS/swty
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fd3a1c7822b43f639be1c98fcb55296b_JaffaCakes118
Files
fd3a1c7822b43f639be1c98fcb55296b_JaffaCakes118.sys windows:4 windows x86 arch:x86
cdab88fe925b8651fe8f34e7ff86924f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByName
ZwAccessCheckAndAuditAlarm
ZwClose
ZwOpenDirectoryObject
MmUserProbeAddress
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
IofCompleteRequest
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 544B - Virtual size: 520B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ