a1d19ed2893f9d72021e79adfa0b8992_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1d19ed2893f9d72021e79adfa0b8992_JaffaCakes118
Size

3KB
MD5

a1d19ed2893f9d72021e79adfa0b8992
SHA1

7aee8f444ed067eac56e3d9f157192a4d0b37fef
SHA256

ee713dc776ad96eae966957f479f59489682b7a820d53570c9350fb555e0df3b
SHA512

d4cec3ddbc41c4a8c4b3bcaedacd0bbdfa4f3e67ea3ce5879f62d0e7bbd9ff4225af02bfa6a91f1766cda6becd6b2903a7fb5bed3b130e5a21ea1e0110d791bf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1d19ed2893f9d72021e79adfa0b8992_JaffaCakes118

Files

a1d19ed2893f9d72021e79adfa0b8992_JaffaCakes118
.sys windows:5 windows x86 arch:x86

641d775c24ce60efbcf75200ef5132b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Driver\i386\Driver.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
IoDeleteDevice
IoDeleteSymbolicLink
ZwQueryDirectoryFile
KeServiceDescriptorTable
RtlCompareMemory
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ