2a65046feb272b7b5bd825a0a0e57c53_JaffaCakes118 | Triage

Sharing

General

Target

2a65046feb272b7b5bd825a0a0e57c53_JaffaCakes118
Size

161KB
MD5

2a65046feb272b7b5bd825a0a0e57c53
SHA1

aa439264a10cd54245cf8fde1e6f7d894de0642e
SHA256

d9c44546221acb7ad6df7b7a5e361db4440ecaeb9758f912edb75f88cd05ffed
SHA512

b16ba7aec34fc563dfce03e8d69b4c168b4b20fb391ac8ae573382978b09c9ef36053eefdd6444450102882f9b957606306b4e7d210d51471310b52cc60aa467
SSDEEP

3072:3AtBAWipn7pMYmQHPR0255x/X1lSviz22Ivae/hA0z8yAdU+g6:3AtGBpHjiiq2IvN/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a65046feb272b7b5bd825a0a0e57c53_JaffaCakes118

Files

2a65046feb272b7b5bd825a0a0e57c53_JaffaCakes118
.sys windows:5 windows x64 arch:x64

4acd59d923a342c707d07486fcbcc99b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\mydocs\project_ata\src\#driver\core5\target_x64\amd64\viamrx64.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
strncpy
MmGetPhysicalAddress
ExAllocatePoolWithTag
ExFreePoolWithTag

scsiport.sys

ScsiPortGetUncachedExtension
ScsiPortInitialize
ScsiPortValidateRange
ScsiPortGetDeviceBase
ScsiPortSetBusDataByOffset
ScsiPortGetBusData
ScsiPortNotification
ScsiPortLogError
ScsiPortGetPhysicalAddress
ScsiPortStallExecution

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�"�oc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ