fa91c8e5076bfb4af67b457b718b8a13_JaffaCakes118 | Triage

Sharing

General

Target

fa91c8e5076bfb4af67b457b718b8a13_JaffaCakes118
Size

6KB
MD5

fa91c8e5076bfb4af67b457b718b8a13
SHA1

12907012e0abe4a3284f5d5137ff7c36159a632e
SHA256

34d9ef04ff8c58c29e06a9bdf76b621b58a1be996c7711d77695103547db102e
SHA512

6b078bce56d9e4ca6df1eb04717a0ef985641028be9628f887753e8643f867c8fd82b1cefa78790ce5478bf633f2360b92de5c211749f0bf7c491bbd6df55158
SSDEEP

192:rxSSSSSSSSSZLz9LcXTh/Y7sPwbkQO0+11nNIfxhHzxVjun:A9LcXTla4wbhxhzyn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa91c8e5076bfb4af67b457b718b8a13_JaffaCakes118

Files

fa91c8e5076bfb4af67b457b718b8a13_JaffaCakes118
.sys windows:4 windows x86 arch:x86

325302e9e6a3393750d6e87a24af833e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwQueryDirectoryFile
ZwAllocateVirtualMemory
RtlCompareUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 288B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 592B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ