Static task
static1
General
Target
15485fbe448e16aa9d5dcbd01a2a4d86_JaffaCakes118
Size
2KB
MD5
15485fbe448e16aa9d5dcbd01a2a4d86
SHA1
2f1101831bc4bfa919b652bc01aa4438416a7d7a
SHA256
e0af2690d6c85a8787b2187d596b5370cb9db45b0a30a5abffb6be29cf733ea1
SHA512
a4ee1b16ca72b10b29cc8f23da9e9ad1c0a3213d08a8bfe29245c34864d639e18407610c9ea7557e41d89d3f359b1154f486f6986b93d916852ac1f13a4d29ad
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15485fbe448e16aa9d5dcbd01a2a4d86_JaffaCakes118
Files
15485fbe448e16aa9d5dcbd01a2a4d86_JaffaCakes118.sys windows:4 windows x86 arch:x86
325302e9e6a3393750d6e87a24af833e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwQueryDirectoryFile
ZwAllocateVirtualMemory
RtlCompareUnicodeString
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 400B - Virtual size: 393B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 288B - Virtual size: 282B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 224B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ