2c94d91edbe1d5978cb93e9683134b99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c94d91edbe1d5978cb93e9683134b99_JaffaCakes118
Size

21KB
MD5

2c94d91edbe1d5978cb93e9683134b99
SHA1

cb92c290226e8dfc43566b16e8442e674c525538
SHA256

b564b0969904c0b1dbf51d1da18f5695da59991b044c0bb13039c9869e001b9e
SHA512

238e956ff6c3e56ab32c149e85564de8154e3d554912d792b2f7a450aa7835ec71e378c5bfc3b578fbe2c8b83742bab3bad6b06022203d33c6f1f1b34d95a4db
SSDEEP

384:HIInV6hx1EfCuErtzbx53ANhtoIxl0HsDOL0STHdjq7i:DVwDAt4sDsHdG7i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c94d91edbe1d5978cb93e9683134b99_JaffaCakes118

Files

2c94d91edbe1d5978cb93e9683134b99_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6b43fb6048cc0b5d3016a26beb061fdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwWriteFile
ZwTerminateProcess
ZwSetValueKey
ZwReadFile
ZwQueryInformationProcess
ZwQueryInformationFile
ZwQueryDirectoryFile
ZwOpenThread
ZwOpenProcess
ZwDeleteFile
ZwCreateKey
ZwCreateFile
ZwClose
ZwAllocateVirtualMemory
RtlCompareUnicodeString
NtLockFile
_strnicmp
PsLookupProcessByProcessId

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 606B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ