Static task
static1
General
Target: 4c0a00fc2278bbdbed961e775fac6723_JaffaCakes118
Size: 6KB
MD5: 4c0a00fc2278bbdbed961e775fac6723
SHA1: ad4ba6d01968b4856324a08f910e859397b188db
SHA256: 7c1056a0fdb72a0a172ec0a930bc7c5023d560736d1c1dcc241c47fb1c2237db
SHA512: 43bc886292b46b2d21f9da1f29a9034ebe8d959a1c0d7ae2a2ec18bf0f5a5df9f07c191b523695878c358dd222c792f77f4539143046221b63484df1573133d9
SSDEEP: 192:VxQ7K8/tr1naSb95Al3j69On+4s3KpOAzHfG:VxQ7n75Al3jXn+Ar
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4c0a00fc2278bbdbed961e775fac6723_JaffaCakes118
Files
4c0a00fc2278bbdbed961e775fac6723_JaffaCakes118.sys windows:4 windows x86 arch:x86
54ad4fd1aad5efeecef1bddb515cab81
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
InterlockedExchange
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IoDeleteSymbolicLink
IoCompleteRequest
ExAllocatePool
IoCreateDevice
ZwEnumerateValueKey
MmGetSystemRoutineAddress
IoCreateSymbolicLink
PsGetCurrentProcessId
ZwQueryDirectoryFile
ExFreePool
PsLookupProcessByProcessId
IoDeleteDevice
RtlInitUnicodeString
PsGetCurrentProcess
KeServiceDescriptorTable
ZwQuerySystemInformation
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 249B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_INIT_ Size: 32B - Virtual size: 6B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 574B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 466B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ