Static task
static1
General
Target: 26aecdf96d91683d87f22a084bc5eb29_JaffaCakes118
Size: 5KB
MD5: 26aecdf96d91683d87f22a084bc5eb29
SHA1: b5fae921c8f1e201176b791ebfa385c44a2ae3a0
SHA256: e9f8a0017019736bb5b71969a29c2585f3833d105895822dbcfd15039756fb13
SHA512: 37f3b7a1dabc02503e4b9fe0a1f608c2bbe09ef6f2671457fb598771c30fbfb687e268bd9edf4778a6ff96ca6f679e6bb888e96b7e8c2b3079c6c1ea07f58e87
SSDEEP: 96:zNX+xjlcoQo1FLkdF8ot6CQJUuU5lQy60QCHYa3DS:zNgjlcoQo1FLkdFv6CQJFD30ty
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26aecdf96d91683d87f22a084bc5eb29_JaffaCakes118
Files
26aecdf96d91683d87f22a084bc5eb29_JaffaCakes118.sys windows:5 windows x86 arch:x86
3325a1a4fcabd2c615283d9ae29fc5b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 560B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 526B - Virtual size: 640B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ