364257692e4eb6775fa62601636b5f9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

364257692e4eb6775fa62601636b5f9a_JaffaCakes118
Size

50KB
MD5

364257692e4eb6775fa62601636b5f9a
SHA1

12789825fa9ecf7c7f07e00d374ce1a9370de81d
SHA256

31e899590fa5c0e5743e83735d5ad403bb6be7b0b760b9064678fe305b9662a0
SHA512

04c2f1270cca01aedbf6fc0adc0e62b5975823c50b45fc292dd8971013ca4e0b0e81f32dbcff2f21565b1d42cde3278c7f74f4f4798554e51d89a832ac66e275
SSDEEP

1536:2CdhCIxLy2TVPQataNoQVYLfFnhufR57Z:2oyTaE8fFnhupP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
364257692e4eb6775fa62601636b5f9a_JaffaCakes118

Files

364257692e4eb6775fa62601636b5f9a_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4117afd330e8bf2734cade14e219ded3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDeviceObjectPointer
ExAllocatePoolWithTag
IoFreeIrp
wcslen
ObReferenceObjectByHandle
ExAcquireResourceExclusiveLite
IofCompleteRequest
ProbeForWrite
ExfInterlockedInsertTailList
IoAttachDeviceToDeviceStack
ZwQueryValueKey
MmProbeAndLockPages
IoOpenDeviceRegistryKey
ExFreePoolWithTag
ObfDereferenceObject
RtlCompareMemory
KeEnterCriticalRegion
ZwClose
PoCallDriver
MmUnlockPages
RtlInitAnsiString
KeQueryTimeIncrement
DbgBreakPoint
PoSetPowerState
NtQuerySystemInformation
KeTickCount
ExDeleteNPagedLookasideList
KeReleaseMutex

hal

ExAcquireFastMutex

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ