3b19b49dd8f29ca2a7a4eaec5a61257b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b19b49dd8f29ca2a7a4eaec5a61257b_JaffaCakes118
Size

6KB
MD5

3b19b49dd8f29ca2a7a4eaec5a61257b
SHA1

5b1a565d7d71807d2b64ac9878965bb1a647e820
SHA256

a8c2baf2ac584ef0e51132df6a58bd90d6e38110141e106f72798062e0b43614
SHA512

cf773e783c4687211d909107464cc1a1f14b89d07c8edf18347c3156cdfe562ecd5b7305311b5caed324347cb634afc32ab2be19cfd7b34ad93ce8a9c55ca74e
SSDEEP

48:qMf9QbpBv+cKAoIQOQCw4jyOPTSjt4YE0COxrhjJgwdQCKt5l91g+wteG70QLRe8:+N0IVQC1jyOY4Oxrhj76GH7TsOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b19b49dd8f29ca2a7a4eaec5a61257b_JaffaCakes118

Files

3b19b49dd8f29ca2a7a4eaec5a61257b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

148202ede319c3d7e0a0d7f6cf8a8613

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
MmGetSystemRoutineAddress
IoCreateDevice
ExAllocatePoolWithTag
wcscmp
ZwOpenKey
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 298B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ