PDB path: E:\containing\is.pdb
Static task
static1
General
-
Target
0907292986e05a8752bc1863556d229e_JaffaCakes118
-
Size
58KB
-
MD5
0907292986e05a8752bc1863556d229e
-
SHA1
30f63b8cae41a97456a82131c4577a2020697b89
-
SHA256
742a3c8c0a3601af29daffb966e947334d4f20501e5568b9c9fbf4c3526b4b84
-
SHA512
8b86c670904dfda0e615791394c5960c38bb554a157d0ccd9993f638abd6f52164762820ab5876bd98513d3a089bab1cbfb0a329c8ac5f9b55ab96db8efee3e3
-
SSDEEP
768:3WBgmdQIb3+Q9y6f/PlsQvuKiOMqAO9o4HgI31phAk2C+4v0fjgduYKukrALxY:3WBdR3+Q9hXPayDAOnL3ik2Rf2utxwx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
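Checks for a missing Authenticode signature. This is a static check of the file itself, so it reports only that no embedded signature is present; a file signed through a catalog would be flagged the same way.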
resource 0907292986e05a8752bc1863556d229e_JaffaCakes118
Files
-
0907292986e05a8752bc1863556d229e_JaffaCakes118.sys windows:6 windows x86 arch:x86
fe2c672741a72d2bd20af0c4ce9545b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
KeInitializeDpc
IoSetFileOrigin
ExFreePoolWithTag
KeGetRecommendedSharedDataAlignment
RtlHashUnicodeString
memset
ZwDeleteKey
RtlGetVersion
KeTickCount
KeBugCheckEx
KeGetCurrentThread
RtlInitUnicodeString
hal
KeGetCurrentIrql
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 185B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 504B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ