4cfcf3a8759bea6f8d9beae382c281e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cfcf3a8759bea6f8d9beae382c281e2_JaffaCakes118
Size

1KB
MD5

4cfcf3a8759bea6f8d9beae382c281e2
SHA1

fb3492fdebdf7073e7c041816d571f9ff47f7aee
SHA256

0c5f719424edd1e3551e05a5f1c7cae1b1df90993bfdd7e7f71e0a2edc841ffc
SHA512

de480b16cff87c97b67836384e22268c5acc49f05214d54877badad886d552dcd4d885e3cdc7ad7df9980a35e4384bf12fc90192cddefb769293787ffd89ba07

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cfcf3a8759bea6f8d9beae382c281e2_JaffaCakes118

Files

4cfcf3a8759bea6f8d9beae382c281e2_JaffaCakes118
.sys windows:5 windows x86 arch:x86

c188c9d8c634d271b4ee99cfda1109b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoDeleteDevice
DbgPrint
IoDeleteSymbolicLink
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString

Sections

.text
Size: 416B - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ