ea9cc1b02368b3468535a21fe685c98d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea9cc1b02368b3468535a21fe685c98d_JaffaCakes118
Size

50KB
MD5

ea9cc1b02368b3468535a21fe685c98d
SHA1

b0fa86d86f9a4fd0ce596ae92aeb8a0e1f8eed5c
SHA256

5e1ca952d31945e2cba0a3b1778e9788a78174a328eb7b9a76013bf7900d28f6
SHA512

d87682a187b2546a24985253f0a7f8cc61d073b5514ae9be2aa01db8b72cc6803011a9ca94cc3d5bab3330339f06086fcbbb4cb12bad9a65a3d7febb23f912f4
SSDEEP

1536:qCdhCIxLy2TVPQataNoQVYLfFnhufR57Zgs:qoyTaE8fFnhupPgs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea9cc1b02368b3468535a21fe685c98d_JaffaCakes118

Files

ea9cc1b02368b3468535a21fe685c98d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4117afd330e8bf2734cade14e219ded3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceObjectPointer
ExAllocatePoolWithTag
IoFreeIrp
wcslen
ObReferenceObjectByHandle
ExAcquireResourceExclusiveLite
IofCompleteRequest
ProbeForWrite
ExfInterlockedInsertTailList
IoAttachDeviceToDeviceStack
ZwQueryValueKey
MmProbeAndLockPages
IoOpenDeviceRegistryKey
ExFreePoolWithTag
ObfDereferenceObject
RtlCompareMemory
KeEnterCriticalRegion
ZwClose
PoCallDriver
MmUnlockPages
RtlInitAnsiString
KeQueryTimeIncrement
DbgBreakPoint
PoSetPowerState
NtQuerySystemInformation
KeTickCount
ExDeleteNPagedLookasideList
KeReleaseMutex

hal

ExAcquireFastMutex

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ