c:\winddk\demo\_darkshell\i386\DarkShell.pdb
Static task
static1
General
Target: a1326027af8a7afaf241f1ccd576ddcd_JaffaCakes118
Size: 4KB
MD5: a1326027af8a7afaf241f1ccd576ddcd
SHA1: cfa7aead8fcb6cfd5b54c972d345c994280b0fc2
SHA256: 436bce4a6d864cf1a068a287d9945af1f7ef65f2ed8c5ec4784d573068b122a1
SHA512: 4ad8c1c5d21169d874991a1df9c73facbdedc2dce7e6c829b19de842ba696bb93d7ccafc6bd01e442bc32a4ed3c8d39877ccd330f57aa7988dfcf3331997755d
SSDEEP: 48:HtCSUbGEYnPH7bPKan0oJLc5dm4zk3B2MjRHR6Flyd2gOwABhVzB0DZf:HNLESLfn0oxc1/8pG6y4F
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource a1326027af8a7afaf241f1ccd576ddcd_JaffaCakes118
Files
a1326027af8a7afaf241f1ccd576ddcd_JaffaCakes118.sys windows:6 windows x86 arch:x86
07ab1cbed45ec57fff7df0ac91b4a085
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\winddk\demo\_darkshell\i386\DarkShell.pdb
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
DbgPrint
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateDevice
memmove
memcpy
KeTickCount
RtlUnwind
KeBugCheckEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 414B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ