Static task
static1
General
Target: 67762b492ff3dd158dd05de719229292_JaffaCakes118
Size: 5KB
MD5: 67762b492ff3dd158dd05de719229292
SHA1: ed593f19be52917f3075960a8144750f81e9d42c
SHA256: 9f542acadb52f1d7a0b64905368ea13b018127d9ca6d73329a5b8406a0e7392e
SHA512: 4f6feb831d7c399ef8ee34727c25de13a85126badc825b67beff4f018651189b69a30b4f3e3d545d448db818dabab22487c650364222118d5d0830d387120c7a
SSDEEP: 96:UigKVnlbou4CNf9qAyrgPBX/MRwqJU3PM8H3lt2hBzJ/w/sw39JCr:UTKrrNf9qk1/L3PrXlIzK/swtJC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 67762b492ff3dd158dd05de719229292_JaffaCakes118
Files
67762b492ff3dd158dd05de719229292_JaffaCakes118.sys windows:4 windows x86 arch:x86
cdab88fe925b8651fe8f34e7ff86924f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
IoRegisterDriverReinitialization
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByName
ZwAccessCheckAndAuditAlarm
ZwClose
ZwOpenDirectoryObject
MmUserProbeAddress
KeServiceDescriptorTable
IoDriverObjectType
DbgPrint
IofCompleteRequest
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 864B - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 544B - Virtual size: 520B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 160B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ