e:\ghost\bleach\i386\BLEACH.pdb
Static task
static1
General
-
Target
bce257e850b56644687294085db5c6e5_JaffaCakes118
-
Size
41KB
-
MD5
bce257e850b56644687294085db5c6e5
-
SHA1
0e5479ff2200cdf4c3a24460cc2d9b89ab9b45b6
-
SHA256
335183e04a98c2e2422a827acab6d73b7cc6eccd96011e7c3620422efd65d754
-
SHA512
301c1f40a5a3eb68b7b36109a5c1710675233a99b16267da8b9c8f90aad85d1b10954180932aaa8aa3356b9e0d77975ff238010318540cc9f0b570c827f3127c
-
SSDEEP
384:IIuaNWOJWm0tTDsVK0x9NdWBaJOXIWk95g3onZV9dR/p6TJ/53tlHmzTGf89:IIrstkF7MYL95g3orTR/pWJjQzTGfy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
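Checks for missing Authenticode signature. The flagged file is a 32-bit kernel-mode driver (.sys importing ntoskrnl.exe and hal). 32-bit Windows generally does not enforce kernel-mode driver signing, so the missing signature does not by itself stop the driver from loading and should be weighed together with the imports listed below.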
resource bce257e850b56644687294085db5c6e5_JaffaCakes118
Files
-
bce257e850b56644687294085db5c6e5_JaffaCakes118.sys windows:5 windows x86 arch:x86
a4e1c861cb9f952ecd30a32661e448d5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\ghost\bleach\i386\BLEACH.pdb
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
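KeServiceDescriptorTable (the system service descriptor table exported by the x86 kernel; a driver importing it is usually reading or modifying system-call dispatch entries, so check the SSDT for hooks when triaging a host where this driver loaded; the import alone does not confirm hooking)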
ProbeForWrite
ProbeForRead
KeQueryInterruptTime
_except_handler3
IoDeleteDevice
IoCreateDevice
RtlInitUnicodeString
RtlVerifyVersionInfo
KeTickCount
IoCreateSymbolicLink
IofCompleteRequest
hal
KeGetCurrentIrql
Sections
.text Size: 1024B - Virtual size: 748B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 514B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 166B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ