Static task
static1
General
Target: 5c5331075b2f50e5b6f40ed650eb7813_JaffaCakes118
Size: 5KB
MD5: 5c5331075b2f50e5b6f40ed650eb7813
SHA1: 3cb4341024f57f22e809f95dc33af3c82c9e8a20
SHA256: 5c7e6cb8691fe748357f00ea06bfeba6586e8791ab7fd8e0624a79f7bcbff14a
SHA512: 646facbf94f86850759752d8987f9ed418009d1b58bb47f616136ff15c61f054b0dba2454ea5ff07f8cc3556a74f808f364ac8be1bd06e7468208dce884a0daa
SSDEEP: 96:7igKVnlbou4CNflCT3AyrgPBX/MRwqJ3Li/krVTJ/w/sw39JCr:7TKrrNflCT3k1/R4VTK/swtJC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5c5331075b2f50e5b6f40ed650eb7813_JaffaCakes118
Files
5c5331075b2f50e5b6f40ed650eb7813_JaffaCakes118.sys windows:4 windows x86 arch:x86
cdab88fe925b8651fe8f34e7ff86924f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByName
ZwAccessCheckAndAuditAlarm
ZwClose
ZwOpenDirectoryObject
MmUserProbeAddress
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
IofCompleteRequest
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 864B - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 544B - Virtual size: 520B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ