Static task
static1
General
Target: 8c5b58ed4c0475472d0a74fd08263384_JaffaCakes118
Size: 7KB
MD5: 8c5b58ed4c0475472d0a74fd08263384
SHA1: 54b10c306a3f03a856ba56c4580127190f69337d
SHA256: 40acf22ea67d3415d011a0c2a12b25c9d872787d06289852aced10132bbaf69f
SHA512: 51746eeaea2ddb8d9e0548436904dce28cd6854dba6790085490ec888199cd60483bde5e8668506f2e68401ee6369590f52169d537905ac84d0f42426878d4eb
SSDEEP: 96:oBhjxyb2MkLykMa59MZm3CTT/4bQoOe1wvsfkd4UCycR1xPpbAcC4cTUPh2Js1+r:oPFyb2Mk55CZmSTDISsfMcR1xBRp2J
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8c5b58ed4c0475472d0a74fd08263384_JaffaCakes118
Files
8c5b58ed4c0475472d0a74fd08263384_JaffaCakes118.sys windows:4 windows x86 arch:x86
1e11fa666ee6c637bc53a1203530ecb4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
RtlAnsiStringToUnicodeString
RtlInitAnsiString
memcpy
MmGetSystemRoutineAddress
IoGetDeviceObjectPointer
ObfDereferenceObject
KeBugCheckEx
KeWaitForSingleObject
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoDeleteDevice
memset
sprintf
_except_handler3
IofCompleteRequest
RtlEqualUnicodeString
IoCreateSymbolicLink
IoCreateDevice
RtlFreeUnicodeString
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 576B - Virtual size: 566B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 490B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ