970520f512eb94570943963591f838a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

970520f512eb94570943963591f838a8_JaffaCakes118
Size

2KB
MD5

970520f512eb94570943963591f838a8
SHA1

556e260d6daabfe6f0ae99d8ed3eba82d08801a8
SHA256

d0e6a18b9f2a300bd5664b7ef1fab2b1f1c44eeb4e7d1ec3012c70c8d3562146
SHA512

8fa4f031926db15770dfea8891d173d395356b022b0e25d9fe5548be0a21a1bece3ad23265a58f7d0c3ea139ca41bb48968c124fab5c5fb330a313a9e74af7a7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
970520f512eb94570943963591f838a8_JaffaCakes118

Files

970520f512eb94570943963591f838a8_JaffaCakes118
.sys windows:5 windows x86 arch:x86

72ad8a6a08d62d7ab3f472633043d738

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\MyRoot\hfssdt\i386\LoveSbl.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
DbgPrint
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3

Sections

.text
Size: 896B - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ