02d78d6b4f8902a8f0714f7c7d98865c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02d78d6b4f8902a8f0714f7c7d98865c_JaffaCakes118
Size

2KB
MD5

02d78d6b4f8902a8f0714f7c7d98865c
SHA1

dc2ad9a7cdb9459bff7e0c9eec94da9a3a3ead4e
SHA256

dd21620b49ec6b8053eea904855775beda1969d546924b39a8c07e8d9881d18b
SHA512

5a5de0f4c4e7e32522707a1eb14a208b65dc4c7531d3c471f4f772f753936b36462f0ca7b60bceeca8a800052c40d8a5f7f066d3ab0f2832d9013edcbed035c8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02d78d6b4f8902a8f0714f7c7d98865c_JaffaCakes118

Files

02d78d6b4f8902a8f0714f7c7d98865c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4ca267531edcb8dd7ef89a9eb4c7c1c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeSetEvent
KeDelayExecutionThread
memmove
KeWaitForSingleObject
RtlFreeAnsiString
_stricmp
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
IofCompleteRequest
MmUnmapIoSpace
MmMapIoSpace
MmGetPhysicalAddress
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 896B - Virtual size: 891B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 576B - Virtual size: 564B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 160B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ