05605e2b50255e1581e8b33b34ad3147_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05605e2b50255e1581e8b33b34ad3147_JaffaCakes118
Size

447KB
MD5

05605e2b50255e1581e8b33b34ad3147
SHA1

038814e86fa10b1129a6715b0c989be5eb038fcb
SHA256

d67bddfe87238786220da082c311cc8ffdf99e8812f21eb552a7ab4192931227
SHA512

0c0da84bf06c217acb9531e94809e2a909ecda6a0a6cbe9a3ff7d2aa85978c70408db0d4b64e85cdbaf18fa82b2b8181e185b8f0f72478528b6ad3ca81c48632
SSDEEP

12288:9T8XPKCLhuXKdatGqvGPUu7MhtGB4dd/Kbr:gKCLUGPUu7ctGBok

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05605e2b50255e1581e8b33b34ad3147_JaffaCakes118

Files

05605e2b50255e1581e8b33b34ad3147_JaffaCakes118
.sys windows:4 windows x86 arch:x86

7cd129c8e2e39c6fbcc370fe42a1dd83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCopyRangeList
IoFreeIrp
InterlockedExchangeAdd
PsReturnPoolQuota
ExAllocatePoolWithTagPriority
PsChargeProcessPoolQuota
RtlCopyUnicodeString
RtlCompareUnicodeString
MmResetDriverPaging

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ