b7ceef55672357c9bf698d49628df743_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7ceef55672357c9bf698d49628df743_JaffaCakes118
Size

663KB
MD5

b7ceef55672357c9bf698d49628df743
SHA1

e51c594b7fa068bad6219af6241e11e5deccb5c9
SHA256

31243d5213a36abfb83f0451027c2fcb9ba9190e66024eba080b5611203b6aed
SHA512

936b837ddbfb8f8583a6eb3b7b8ad1209344a06f22697685ac19ec01943133a2c6a8f249cbed969d2a5db184c7017aefdd33dbf1a6d936aba7b50ca77689bbb5
SSDEEP

12288:nrE96Y0N7ElOtUP+du5ETLfIRMbkYjkvSKn4oO7DKNRXx7d76nNj/S:nw9697aOtldljIRMbk3SK4x7WNLcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7ceef55672357c9bf698d49628df743_JaffaCakes118

Files

b7ceef55672357c9bf698d49628df743_JaffaCakes118
.sys windows:6 windows x86 arch:x86

d9c024b5d232515accc9a32f0aa8c785

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

RtlImageDirectoryEntryToData
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfAcquireSpinLock
HalMakeBeep

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bmm0
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bmm1
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ