eb5a77a98a8ff786b6da782b2b5abd32_JaffaCakes118 | Triage

Sharing

General

Target

eb5a77a98a8ff786b6da782b2b5abd32_JaffaCakes118
Size

100KB
MD5

eb5a77a98a8ff786b6da782b2b5abd32
SHA1

0e67581401146f2587665bc9fbbcefd1c4bd9d69
SHA256

03e3431c40c32bdd781baee4d8be206bf902e2f96dba4cbd9ac4142342f528bb
SHA512

7cfc2ac4d6389ad672c1ce2732484fa34046c8547a585ef3d396dac105a44a67b1d50cd095480f8e299df57cb42b7ea865a5a10d3ea65b90973dd56f05ab244c
SSDEEP

1536:fyr7mpPjy5kxtkgJlqCaL1WFsHICif5YEIAI7jHDpEJOw+XaZwMjKye:u7cjBlif1g+INf5YdAchwWM3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb5a77a98a8ff786b6da782b2b5abd32_JaffaCakes118

Files

eb5a77a98a8ff786b6da782b2b5abd32_JaffaCakes118
.sys windows:5 windows x86 arch:x86

38f8a1f595f8172951a55973008372b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
IofCallDriver
IoAllocateIrp
DbgPrint
memcpy
IoGetRelatedDeviceObject
IoDeleteDevice
IoAttachDevice
IoFreeMdl
IoAllocateWorkItem
KeInitializeMutex
KeInitializeEvent
ExFreePoolWithTag
ObfReferenceObject
IofCompleteRequest
IoFreeIrp

hal

ExAcquireFastMutex

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ