865f8a57f250765ec8f56702b49d5619_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

865f8a57f250765ec8f56702b49d5619_JaffaCakes118
Size

6KB
MD5

865f8a57f250765ec8f56702b49d5619
SHA1

0eda2040317936e772d502a54aa3f6d6117b384f
SHA256

b42c6b4f0986e5bbec55655b0cbf02bfffad14e51485261acb4e0e79619829be
SHA512

db1cf7a591214655ce1bca1fb6e9115bf40daefdbc400327379f30b9c3b77e40f18bf1f1e4f4f405ab1de175256a5d46f2d26958e738b1fbd36b8a3c17d087ff
SSDEEP

96:+TwfWscU04dYhqBEdfI6fpMxofKYwDiZK/fzLKMhdcspOJ1b2MNiWxZwUyV1aTap:MwZcU04dn+djhMyC1z9ry1b2axZXZap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
865f8a57f250765ec8f56702b49d5619_JaffaCakes118

Files

865f8a57f250765ec8f56702b49d5619_JaffaCakes118
.sys windows:5 windows x86 arch:x86

1e484aa476e511cfea3b69315ca5ad42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\myproject\sys\ssdt\i386\RESSDT.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount

Sections

.text
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ