6f9e6e874fd74ee6dd0bbecde9d3f795_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f9e6e874fd74ee6dd0bbecde9d3f795_JaffaCakes118
Size

5KB
MD5

6f9e6e874fd74ee6dd0bbecde9d3f795
SHA1

70f6a57af29fbcc06e451ccc2e4d136b3b2b1c46
SHA256

9365fa72913aea3c6bff4e55160a5e0586bdbecd6c85d9fdcc254f5b31a63cc9
SHA512

6c114215e0f11e27dc5d0f46702cfdfd90b542221dc07dfedd5215c54ec6c7a686deb422ecd46fa16835dea5ce465df29b9563a38ca524589a612ff2b35f2a84
SSDEEP

48:iJXe7e7+NXeYag0nP8/Ba6HCHUz/Kv2OQ6RTE7KnfNVyDhqug:SHyReFgS0/Ba1UOOCTKFV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9e6e874fd74ee6dd0bbecde9d3f795_JaffaCakes118

Files

6f9e6e874fd74ee6dd0bbecde9d3f795_JaffaCakes118
.sys windows:5 windows x86 arch:x86

3877908deca091a745bc0a759a0ba7d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workingfolder\7faw05us\source\src\awaysys\objfre_wnet_x86\i386\ProcDD.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ZwOpenProcess
ZwOpenThread
KeTickCount

Sections

.text
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ