Static task
static1
General
Target: dc820e6a20b04afda996a3aa67f06773_JaffaCakes118
Size: 7KB
MD5: dc820e6a20b04afda996a3aa67f06773
SHA1: ddb5f71394ac9ea4172c4724e91f802b187f514d
SHA256: 95af7fcd3a024141a6a9b25b76169097c15899912117ec27f195146a51da1708
SHA512: 757ea265f8688e07ec24b752c690adf970e078e257ec47016819fb44101ace6540d2148d803f51f492d8f6ba19172a9e0ef0b28290def5921462a26a362361c9
SSDEEP: 192:BjhSFSSXQkgaPdJpBnxpDcBr1k2xLCzZkTbAZVf3:mgaPdJpcS2qZk/AZVf3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dc820e6a20b04afda996a3aa67f06773_JaffaCakes118
Files
dc820e6a20b04afda996a3aa67f06773_JaffaCakes118.sys windows:4 windows x86 arch:x86
2ea70efe5194177a256c85371895c504
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  IoCreateDevice
  IoCreateSymbolicLink
  IofCompleteRequest
  KeServiceDescriptorTable
  ZwAllocateVirtualMemory
  RtlCompareUnicodeString
  RtlInitUnicodeString
Sections
.text Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 288B - Virtual size: 284B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 254B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 656B - Virtual size: 654B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ