2cb48b0585e714dd47d555db6885153d_JaffaCakes118 | Triage

Sharing

General

Target

2cb48b0585e714dd47d555db6885153d_JaffaCakes118
Size

5KB
MD5

2cb48b0585e714dd47d555db6885153d
SHA1

640030e777260edfa4a4b27937d9866d82b77c0b
SHA256

6c54b60c1f81c5a247fcaf02a219a6c0da0283248dbf93f17bdc5cd15a15b2e2
SHA512

ca5942dffed9f9ad3a88e2a2ad08e7bdecfed81e0f914be4b12093a1639829f94ac192768b25a0bfa8e9793d435686877a08ba64c4c95b6043c2616c8343c528
SSDEEP

96:r0dfqpvfU132d3ieuvMEi13MIqkq2TQxcAM0J1Vd:r04pvfWKgXiBMIqsTQxFpJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cb48b0585e714dd47d555db6885153d_JaffaCakes118

Files

2cb48b0585e714dd47d555db6885153d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7ff3a56730827598a02165b28e2784d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAddSystemServiceTable
ObDereferenceObject
ObReferenceObjectByHandle
PsGetCurrentProcessId
MmIsAddressValid
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoDeleteSymbolicLink
KeServiceDescriptorTable

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 416B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ