4d7c4e1e5b1f1cb6b8f61dfc9fa95cce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d7c4e1e5b1f1cb6b8f61dfc9fa95cce_JaffaCakes118
Size

44KB
MD5

4d7c4e1e5b1f1cb6b8f61dfc9fa95cce
SHA1

16f7682dd5f8756e0a54c97f2e2f17c787851e98
SHA256

ad8b2379c6fd945a272c0fafd6dea15b2eda980f4488100942bf8839c9321199
SHA512

3cdf1aee91d346e313faa44426401059df01858d1e51d2cf70d668b45e23920d489286b7ce21aa0f6f37bb7781f2ad2f5f2045ad9b9ceb9521a91d214c7b7ca3
SSDEEP

768:gCHiYdEwIpwOvIBFu89Ieg+kngajiK0k4JYIdrkIVt7Q5Cp:tuPIH/BlK0kgp37QA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d7c4e1e5b1f1cb6b8f61dfc9fa95cce_JaffaCakes118

Files

4d7c4e1e5b1f1cb6b8f61dfc9fa95cce_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5f63bccefa615bed8a97fb4b0a04921f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUnregisterCallback
IofCompleteRequest
KeSetEvent
IoDeleteDevice
KeBugCheckEx
PoCallDriver
IoCancelIrp
IoDetachDevice
IofCallDriver
IoFreeIrp
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlCompareMemory
KeQueryInterruptTime
KeDelayExecutionThread
IoAllocateIrp
RtlCompareUnicodeString
ExFreePool
KeGetCurrentThread
PsGetCurrentProcessId
RtlInitUnicodeString
KeInitializeEvent
ZwCreateEvent
ExFreePoolWithTag

hal

ExAcquireFastMutex
ExReleaseFastMutex

battc.sys

BatteryClassIoctl
BatteryClassStatusNotify
BatteryClassInitializeDevice
BatteryClassUnload

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ