Static task
static1
General
Target: 431d125fcb3bd98d1aa94a696da30e34_JaffaCakes118
Size: 2KB
MD5: 431d125fcb3bd98d1aa94a696da30e34
SHA1: a78fea426ed7461fc8fdd36f65ca9ef33857ee77
SHA256: ed38c705395baed9c19ca806adc443551163e22db6b4249a834a7e942a3aa0c3
SHA512: c67e47b2ae8e3a311ae07d7b6a678d07c4f07fb703c24ee594cce30985cc920c96b5d6a985857a55976a467928681458a127ce46b81fd459311f4626f070ef1a
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 431d125fcb3bd98d1aa94a696da30e34_JaffaCakes118
Files
431d125fcb3bd98d1aa94a696da30e34_JaffaCakes118.sys windows:4 windows x86 arch:x86
b6d08cc1950cbb580ee9dc8873781b91
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetDeviceObjectPointer
IoDriverObjectType
IoCallDriver
ObReferenceObjectByName
ObDereferenceObject
IoBuildDeviceIoControlRequest
ndis.sys
NdisRegisterProtocol
NdisDeregisterProtocol
Sections
.text Size: 864B - Virtual size: 846B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 320B - Virtual size: 320B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64B - Virtual size: 38B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ