5f52cfa27216129b8190e28445d45e9c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f52cfa27216129b8190e28445d45e9c_JaffaCakes118
Size

106KB
MD5

5f52cfa27216129b8190e28445d45e9c
SHA1

395172d630da0eb076b1dbb35665c0dbef826274
SHA256

2141035804b2f7c047dc2dd669489f54a9351cf4885b055a9e45642daa5d7589
SHA512

dce36eed2b0f216afe7675ce88f865d29b0a8c6dab98760bdc9b91820ef2ce55b038808fdb237b31b0ab05516c1584691fb8dab3418f014bd7afef2e208e9523
SSDEEP

1536:90XVxzpQXe3t+hWtCQ5Q05tP4Tn/79njaQ:9qrd2WtC/wC7ljaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f52cfa27216129b8190e28445d45e9c_JaffaCakes118

Files

5f52cfa27216129b8190e28445d45e9c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ac507911357f80e35aecfaf4f80f5009

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
KeInitializeDpc
KeInitializeMutex
memcpy
IoAllocateIrp
IoAttachDevice
memset
IoFreeIrp
IoFreeWorkItem
ExFreePoolWithTag
IofCallDriver
ObfReferenceObject

hal

ExAcquireFastMutex

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 364B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ