Static task
static1
General
Target: 074733e160ab7ec0c28c3b86d8c00336_JaffaCakes118
Size: 2KB
MD5: 074733e160ab7ec0c28c3b86d8c00336
SHA1: ad9e52f23c4012d886853c75a84f65a092a9d1ce
SHA256: cf3d37f1d7f7c74616f0e8de139424c2ddce7a4271ef87ca8dbbf1dbf99fbd0f
SHA512: 69daf8ccfdd2da88dde4a06c856b5b62b944a3e1c70b6b901b7d2285a828437addc3721cfbd69aa4feede630c044127210965ff260e7141dc44976da72f69108
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 074733e160ab7ec0c28c3b86d8c00336_JaffaCakes118
Files
074733e160ab7ec0c28c3b86d8c00336_JaffaCakes118.sys windows:5 windows x86 arch:x86
853a1f6b4438dcc9b9c269ff86c1e7e4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwOpenProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
ZwOpenProcessToken
ZwTerminateProcess
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 768B - Virtual size: 768B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 352B - Virtual size: 352B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 96B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ