2f55d2c62a48dfed6bf7bf42e9ae073f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f55d2c62a48dfed6bf7bf42e9ae073f_JaffaCakes118
Size

4KB
MD5

2f55d2c62a48dfed6bf7bf42e9ae073f
SHA1

1cf471bde37cffe6d1465a4323ff5b3ff761de37
SHA256

f96c894853210ab043693acd7ff8145be793967065edc301d002c1a63c95ef86
SHA512

48c10ad47cdd1ce8d5741e7079bce02d13492156912132a95b6b0fefb9f6ccd8804827431eadea9f05667907eff51bed5e7f2078e956606db3e0a86a5bc245e0
SSDEEP

48:ilGeltasl2NgCQlaDqT/Cd51Nccp5VbNARrWwxIZWQ7q2ue5WwGD+:av2NQlHG51Nc8va1LEWKLu+Ww8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f55d2c62a48dfed6bf7bf42e9ae073f_JaffaCakes118

Files

2f55d2c62a48dfed6bf7bf42e9ae073f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

069b16424b56dbed268b4221b8fb7c72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\SSDT\SYS\sys\i386\SSDT.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ProbeForRead
DbgPrint
KeServiceDescriptorTable
ProbeForWrite
_except_handler3
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ