9a69942d51af2a3e5f4f40cb454e6bdb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a69942d51af2a3e5f4f40cb454e6bdb_JaffaCakes118
Size

138KB
MD5

9a69942d51af2a3e5f4f40cb454e6bdb
SHA1

288558d277df8abb0722c8fa07d96af56164db3d
SHA256

11e152df636246180cd0f30e48e162fd623390aa42fc8e2e08eee6017e89815d
SHA512

bd3d7ec8b24252624053249a593ac2d3a086a6a374b0e99ccec5de2fe5b3be262ef9d125099dfe64b8f304a805372b7043ff70795c89b34f9d6591641e1f8d44
SSDEEP

3072:DRaC7E/vcUYvuE9y58d+ZGo3Kp7zkQ2Y4RYF:+vcdmwyi3oQ7zXF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a69942d51af2a3e5f4f40cb454e6bdb_JaffaCakes118

Files

9a69942d51af2a3e5f4f40cb454e6bdb_JaffaCakes118
.sys windows:6 windows x86 arch:x86

390e8302c7478a69e5aee5620866542f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

PsLookupProcessByProcessId
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
HalMakeBeep

fltmgr.sys

FltIsDirectory

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abb0
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abb1
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ