Static task
static1
General
Target: 9fc914dbe522aad153f9512a7565cdef_JaffaCakes118
Size: 3KB
MD5: 9fc914dbe522aad153f9512a7565cdef
SHA1: 30f8ecb09877632f91979b59e212b1edba28e1f5
SHA256: 51b16e0b8f16a81135724a5f3b9aada14dcc30c38c2c55f1b4c7265f15664731
SHA512: c1ac6dc8d260a0cd94204109abec191d1b708aa6dfae68c9a7265c5ed5d8b6b85d6eb609b687a4d43c564eeac42754a99fab03d53ed1c3377a8f37019ab51665
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9fc914dbe522aad153f9512a7565cdef_JaffaCakes118
Files
9fc914dbe522aad153f9512a7565cdef_JaffaCakes118.sys windows:4 windows x86 arch:x86
94e4e2e53fbcb82f1886212a43681b90
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetInformationFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ZwEnumerateValueKey
ZwOpenKey
RtlInitUnicodeString
Sections
.text Size: 1024B - Virtual size: 656B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ