49eeb4aac75a5c165df5d1208ac4ab97_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49eeb4aac75a5c165df5d1208ac4ab97_JaffaCakes118
Size

61KB
MD5

49eeb4aac75a5c165df5d1208ac4ab97
SHA1

e8f920e14c0ed9df9f93e6e7c81a6f5e7ee28812
SHA256

2715d166fe51078ae0cb74664c370de1b56b71f81b9fb24b2186ce71f58570c2
SHA512

c6f1f5c4b68feaae9b94df1cbe3da04ab1ac65ac503a291d1b7c868235be3c95c50163c4e2a5d78d9225ca597c21d2020c834e2d5af0949049eb504c56879cba
SSDEEP

1536:E++cqj2fluCvZoh2NN1Zeosz1cLe/7EsdRJ:Fm2fIo+k1ZeoszSSTEsdRJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49eeb4aac75a5c165df5d1208ac4ab97_JaffaCakes118

Files

49eeb4aac75a5c165df5d1208ac4ab97_JaffaCakes118
.sys windows:4 windows x86 arch:x86

4b83aae50e2e67d5014be126a21c1cc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetDiskDeviceObject
IoFreeIrp
InterlockedExchangeAdd
PsReturnPoolQuota
ExAllocatePoolWithTagPriority
PsChargeProcessPoolQuota
RtlCopyUnicodeString
RtlCompareUnicodeString
MmResetDriverPaging

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ