4882e371b263907538feb39e20949246_JaffaCakes118 | Triage

Sharing

General

Target

4882e371b263907538feb39e20949246_JaffaCakes118
Size

744KB
MD5

4882e371b263907538feb39e20949246
SHA1

6d84781b5950c376eb294876da1ed60f93f69780
SHA256

5875e6883b1821b88cf511765cc65e6469b5ff0d69dbc04db13dee5a1e5dcc07
SHA512

22358e828aa66e731370d9968ff869783ca522e51e6c4bcebef5f29b590a2ef84a4fefe61a61082456984279e140dd5bbfdb3552f935995c0551f6da0ece50f0
SSDEEP

12288:ZtbunEls2rhLHSaUpqVVyFpshlb6KpRZYIlNnUYorDSsUesc+jmpq3z:ZlGEls2ZHSaUpRmlWqRZ5luYLHesc+X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4882e371b263907538feb39e20949246_JaffaCakes118

Files

4882e371b263907538feb39e20949246_JaffaCakes118
.sys windows:4 windows x86 arch:x86

501bdf821db8537d851a19f60b5d9c3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDetachDevice
IoOpenDeviceRegistryKey
IoBuildDeviceIoControlRequest
KeSetTimer
ZwSetValueKey
PoRequestPowerIrp
KeInsertQueueDpc
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
KeResetEvent
ExDeleteNPagedLookasideList
ZwCreateFile
MmUnlockPages
KeRemoveQueueDpc
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ