b58082a93762138aaecbc61ea5b5bb12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b58082a93762138aaecbc61ea5b5bb12_JaffaCakes118
Size

35KB
MD5

b58082a93762138aaecbc61ea5b5bb12
SHA1

edf49b56008c3fbab3e0b9c2a855edd7053577e3
SHA256

772496f137525814cd690329f2be24faff74a0063c3e74bab0b56b63e6cc95d0
SHA512

6e72bfed0ef7d4576396b1943412580a96d4b3579c449dc175648f8e2489aa3e0e838ddc2eed95981db73c489e5b80654646ca604d1a283b5adea7ab56649afe
SSDEEP

96:78l98l4hNl9lg6e5e6ZogdpQqazCDePf+ucuBgtpzBJcueHFO0xUhoSkb/:49fb+N33Qqg+3uwXcNlTWIb/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b58082a93762138aaecbc61ea5b5bb12_JaffaCakes118

Files

b58082a93762138aaecbc61ea5b5bb12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5833ae8f073d20ae033f32b569e22553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
IoGetCurrentProcess
strncmp
ExFreePool
RtlCompareMemory
DbgPrint
ExAllocatePoolWithTag
RtlFreeAnsiString
sprintf
RtlUnicodeStringToAnsiString
strncpy
KeServiceDescriptorTable
ZwQueryDirectoryFile
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 518B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ