Static task
static1
General
Target
84f43d7e44acc9dc8c47848016c3eb28_JaffaCakes118
Size
2KB
MD5
84f43d7e44acc9dc8c47848016c3eb28
SHA1
7c2860c2ddb4fd3ed29e83e7d29642fe56a6cfb2
SHA256
1527a37a9fa66e6f29d43df9252e2c8bd6fe10908f20536ee1137cfd50e17750
SHA512
e09b3c0d7e249624c25435d2d5d264a5fd8250b0ac979dc27069d29f43a17034ca5bc5b69aaa5782aa136d113dcfd65a5cd2315029db994fb815b3767fc3ac27
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84f43d7e44acc9dc8c47848016c3eb28_JaffaCakes118
Files
84f43d7e44acc9dc8c47848016c3eb28_JaffaCakes118.sys windows:4 windows x86 arch:x86
183c23f8e4e918d0983b419b85bc2839
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
wcslen
MmGetSystemRoutineAddress
IofCompleteRequest
ZwTerminateProcess
ZwOpenProcess
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 304B - Virtual size: 300B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 112B - Virtual size: 98B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ