Static task
static1
General
Target: 2d56e4a1b3999e79d103974dea142c24_JaffaCakes118
Size: 2KB
MD5: 2d56e4a1b3999e79d103974dea142c24
SHA1: abe0d2ae2a0ade1c282f4de2945de8736ffd458e
SHA256: eb9aff1c8681eeb33f41f45a48bcfe01ce4773bb7fdd98ccd6b53bf85c5bfef7
SHA512: 5a0a6c0ab3f4284300c4a1fc852f8f874a9ec3e51dde3189532fe888496c0c07a10d983c233da03e1661700ab04062ccb1dea5e731178c8712cea4fdd903ed08
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d56e4a1b3999e79d103974dea142c24_JaffaCakes118
Files
2d56e4a1b3999e79d103974dea142c24_JaffaCakes118.sys windows:5 windows x86 arch:x86
7ab1fb828b69862d660cec7d9bec4120
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForRead
_except_handler3
Sections
.text Size: 576B - Virtual size: 576B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 320B - Virtual size: 304B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 96B - Virtual size: 86B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ