bc942a2980c46e28d6cf6b38b862b18c_JaffaCakes118 | Triage

Sharing

General

Target

bc942a2980c46e28d6cf6b38b862b18c_JaffaCakes118
Size

5KB
MD5

bc942a2980c46e28d6cf6b38b862b18c
SHA1

fed4504320a23681c83ffb4c16edd7a0184b391f
SHA256

9f2a1d7b9f9a22e352b08a73b4422c5ba59cee1b5fb4b7c50c8d9580f9264154
SHA512

e74537c2cf95abd84a4a163af07c3d2c902148865654d1f9062b0a0ddc6372bbe40538b755c2d297d5072d081bc0c5b14f17ed4142b63b70a99ce57ea14afcd2
SSDEEP

96:ZkPf8sFvg1nUGPeNW8yM+L/RuGo901Ozxbsa9W5GQUKPw16GGFlcws4+yT1:ZkPfVwU8DL11oRRDEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc942a2980c46e28d6cf6b38b862b18c_JaffaCakes118

Files

bc942a2980c46e28d6cf6b38b862b18c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64c920d0d8eecd3df079bb1c111e2e7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlCompareMemory
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
wcscat
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 526B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ