dbc018d7b5c19304f7043a7858244555_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbc018d7b5c19304f7043a7858244555_JaffaCakes118
Size

19KB
MD5

dbc018d7b5c19304f7043a7858244555
SHA1

69707286f4bf5036653651b121bc91256d9f8c40
SHA256

19bc144a6b0b9c5ca23104f3aedf4a66d3a2dca9fecc98d5437997a9964bc66b
SHA512

91807a30ecd0d45b8597ff370b4736fff91118f844f145f0f9f77cda3e757c8903c9aaddc92e62367f8e931af0730bb521c853eea745c5b46808f42f6d9ed640
SSDEEP

96:cfPYksYq2UwXBnRGmjqJtRHbYKxhKYikNibGgdhNiNhYNce3uoeysbSm:ysFJ+RGDJbYKxgYiiiikah4cegysem

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbc018d7b5c19304f7043a7858244555_JaffaCakes118

Files

dbc018d7b5c19304f7043a7858244555_JaffaCakes118
.sys windows:5 windows x86 arch:x86

6cd117441379f626482feeb81c0e5e52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
ZwClose
atoi
strchr
strncat
strncmp
ZwReadFile
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
strncpy
strstr
RtlCompareMemory
RtlUpperString
RtlInitUnicodeString
ZwDeviceIoControlFile
ZwQueryDirectoryFile
IofCompleteRequest
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 690B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 544B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ