c506f78dcb8a219b1d7fc8230aa305a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c506f78dcb8a219b1d7fc8230aa305a5_JaffaCakes118
Size

76KB
MD5

c506f78dcb8a219b1d7fc8230aa305a5
SHA1

fb41dc385d4550e50bbc70adc8ce11ac6717b2e1
SHA256

e94efc885aa315b28307d1f95d2b7ed3199b02dcc5316469af0531dfa5307e77
SHA512

dd505659f45651f2395228fd6bf3ca38de2dd64f643dee8cefa7ca01e71afbf9165bddb8fe9fea06ffa8d7a2288455aaaf4fe31071d44c8aee9c8a085d4a22be
SSDEEP

1536:EGbtk9NL1vtpun4OWd2Xl2rqQGdjWeIl:EGbtkz1vtpun4OK8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c506f78dcb8a219b1d7fc8230aa305a5_JaffaCakes118

Files

c506f78dcb8a219b1d7fc8230aa305a5_JaffaCakes118
.sys windows:5 windows x86 arch:x86

8a0746fa00a9757b8156957f652e26c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
PoCallDriver
NtQuerySystemInformation
ExQueueWorkItem
MmUnlockPages
KeInitializeSpinLock
IofCompleteRequest
IoAllocateWorkItem
ExFreePoolWithTag
KeLeaveCriticalRegion
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
RtlCopyUnicodeString
ZwCreateFile
ExAllocatePoolWithTag

hal

KfLowerIrql

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ