a74f8e9b93c6a8ec9d685e6497928a6f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a74f8e9b93c6a8ec9d685e6497928a6f_JaffaCakes118
Size

2KB
MD5

a74f8e9b93c6a8ec9d685e6497928a6f
SHA1

c4740f5b56c2a9caf0e4e006b915c2a0d6067511
SHA256

4ce0160a1ee64bb0078b79f2e9b014ed892e04f394572cda695af1293407463f
SHA512

be7f6e9e6bf96d7a591b51a9a335963e29e6aedf6e7a15a70a6a7ebc05115e98412241f8335e7e0115eb97f9abc4f7564d84af32625c827568c0a143110f94e1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a74f8e9b93c6a8ec9d685e6497928a6f_JaffaCakes118

Files

a74f8e9b93c6a8ec9d685e6497928a6f_JaffaCakes118
.sys windows:5 windows x86 arch:x86

1e484aa476e511cfea3b69315ca5ad42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sys\i386\RESSDT.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount

Sections

.text
Size: 640B - Virtual size: 592B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ