fd3a35813877d9527456a3db7f4bb5f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd3a35813877d9527456a3db7f4bb5f9_JaffaCakes118
Size

5KB
MD5

fd3a35813877d9527456a3db7f4bb5f9
SHA1

d3f2feccc2b6d9ca86c235227ccfc207b336b94d
SHA256

d604846e1a59120d1ecd3d87089fa890878f4d94ca1848d3f9290549ee8761dc
SHA512

2898fd3c32b62c268f9602c1fb876a19be24817acc6359fe34ae2480bd3d443f596050d47e20f23be66a7e4380f96410dc240ecb97a56889b236f599589a3786
SSDEEP

96:ZkP93eICkP1V6lPvbygaG4/Mo90154UcCWcQdSKUwG2il0fss4T1y/:ZkP9dtsb1fzCvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3a35813877d9527456a3db7f4bb5f9_JaffaCakes118

Files

fd3a35813877d9527456a3db7f4bb5f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64c920d0d8eecd3df079bb1c111e2e7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

#. LIE31=(GF?I)EJ3H1B/$;.JE6-<3@(*G=B2=25/F,E&78HGKB6HK:C5FF9J?<=F.;A:%% +#?!>B

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ