Static task
static1
General
Target: 082f5388f32725c59f3c71b6d1d040f1_JaffaCakes118
Size: 3KB
MD5: 082f5388f32725c59f3c71b6d1d040f1
SHA1: 049e6586afe158396ee0dbddd231a041ae5ad345
SHA256: e23be85ae4757721e278b9a76de036ad1260f4651510435ed9decd96a5aa13ff
SHA512: 432150a635cfee1ce4b94ef57cc34f870b2e44b8ad490c39171c0a009a434c23e43c7ada92418775a55762613680f4ccb9e24e1ca3c68289d2f763f7cf5fa76c
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 082f5388f32725c59f3c71b6d1d040f1_JaffaCakes118
Files
082f5388f32725c59f3c71b6d1d040f1_JaffaCakes118.sys windows:5 windows x86 arch:x86
f71a5161f76cba557a3cd63a0d0af2e6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
IoDeleteSymbolicLink
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
PsTerminateSystemThread
IofCompleteRequest
PsGetVersion
KeServiceDescriptorTable
ObfReferenceObject
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
_except_handler3
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ