C:\sys.pdb
Static task
static1
General
Target: eaa610914b158c3ff3a8bc5edf9d7b1d_JaffaCakes118
Size: 8KB
MD5: eaa610914b158c3ff3a8bc5edf9d7b1d
SHA1: 20ef9edefdac41ea70d69a8c72a67b6d712f1bcd
SHA256: e531d730fcc771adae18ea53ce273ac7c1cad40a92e72411e1770f0767a8db26
SHA512: a9f2713ed2f7e216e30bd582d46c3dbc6cca21ece381523cb09cd9bfd11f13c490417d5a834ed917e21305ea392aeb816d8a8749d1c418bf30f66cccead1f1c5
SSDEEP: 96:zGdl2UFtYCWFT9Grh4TuTNiu2qhPy13xrNLLR8i3:zGdl224FT9GiKTNiuVha13DyC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eaa610914b158c3ff3a8bc5edf9d7b1d_JaffaCakes118
Files
eaa610914b158c3ff3a8bc5edf9d7b1d_JaffaCakes118.sys windows:5 windows x86 arch:x86
68e03b1c3904d28bd581b35457d23f97
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
memset
ZwCreateKey
IoDeleteSymbolicLink
IoDeleteDevice
ZwSetValueKey
ZwClose
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
ObReferenceObjectByHandle
ObfDereferenceObject
ZwOpenKey
PsTerminateSystemThread
ObReferenceObjectByPointer
_except_handler3
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 496B - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 192B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 608B - Virtual size: 596B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 336B - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ