c2996856b90927c1d19a292c35fc68f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2996856b90927c1d19a292c35fc68f1_JaffaCakes118
Size

5KB
MD5

c2996856b90927c1d19a292c35fc68f1
SHA1

7384a0aecade878af50812fabfdf8c58cad03628
SHA256

797a9eb5d8b6e7b63173a538c164237be7d546f110c39490347913b0456e28ab
SHA512

1075a2c7f9570b74917de32efc8df824cb492099641ab6a6296d4148aff55bba2e19af7eaed2f63c0c7f5eaefbd42aa677149603622b54cf46c70f70033188b7
SSDEEP

96:GuUQDy437oVd2NuRTKbP6KAmdBZffZatKQMwSHCAYDnyCrAP/sFR:HUQm4roVMNBXbhfZcKDmyCrUM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2996856b90927c1d19a292c35fc68f1_JaffaCakes118

Files

c2996856b90927c1d19a292c35fc68f1_JaffaCakes118
.sys windows:4 windows x86 arch:x86

073b7b3fb5a924b1ab28cd9f4551c41c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
ExFreePool
strncmp
strncpy
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
ExAllocatePoolWithTag
IoDeleteSymbolicLink
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 480B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 288B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ