18c46ca8fe93eaa127ce5999f822145f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18c46ca8fe93eaa127ce5999f822145f_JaffaCakes118
Size

2KB
MD5

18c46ca8fe93eaa127ce5999f822145f
SHA1

9b0c336260d8a8a669bc60d252c4f5a3210137d6
SHA256

04658dbc8a7e808c20b459ed27958697c5fbdcf8ec2405e8f7507f3c2a7fc89a
SHA512

d7d725a0e5a23f72f480a0c79f4585be2339455769d57b87828c160231205d17673b5fab75a5c7c0ea2635cb2ad532470ec988f0122f2e20f27b5c50b93be878

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18c46ca8fe93eaa127ce5999f822145f_JaffaCakes118

Files

18c46ca8fe93eaa127ce5999f822145f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

069b16424b56dbed268b4221b8fb7c72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\SSDT\SYS\sys\i386\SSDT.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ProbeForRead
DbgPrint
KeServiceDescriptorTable
ProbeForWrite
_except_handler3
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ