c1f87d0b1355f2939751220d5581fac0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1f87d0b1355f2939751220d5581fac0_JaffaCakes118
Size

18KB
MD5

c1f87d0b1355f2939751220d5581fac0
SHA1

57cadfe5d6eb5648f5bcf0d37c5adae30ea006f1
SHA256

b38e38e6c8456f9841ca6b8aa8e16623df6958c1265ef716eb904f144e9441b3
SHA512

2c25164c9a6e7ae60886d91dc213dfa06098ec6dca4c830d3ad547704a90a9b06426e340c549d416ac2f1653020f9387ff7f490536c86ed0ea8c3c1d49f9d24e
SSDEEP

96:hUsYn0TLheO1AfPTHgOH/lCzQXHZVuc9gJ29g8a9x+:hNYn0TLgOefrHn/Vjj/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1f87d0b1355f2939751220d5581fac0_JaffaCakes118

Files

c1f87d0b1355f2939751220d5581fac0_JaffaCakes118
.sys windows:5 windows x86 arch:x86

104fd576b2ee54875aeec84ff3acb046

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
strncmp
IoGetCurrentProcess
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink

Exports

Exports

m_regs

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 352B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ