61ef1bd87cd8bc3d3f8ce1840d0f3984_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61ef1bd87cd8bc3d3f8ce1840d0f3984_JaffaCakes118
Size

721KB
MD5

61ef1bd87cd8bc3d3f8ce1840d0f3984
SHA1

bdde64b1f0752bde745aaedb5adbebe929688966
SHA256

35ed9e6075e30aa93cb1ea3c77838868b8882b47db291747a6a3db97685c8656
SHA512

47e7606dbd18a2451f8b7c061fd244902dadb1e12bac3dc1cae0ef259ded5f597e506d4258a3d024a203c97cebc282be7f5b828f4f63190edd52683faf299e6d
SSDEEP

12288:0zANXH9k6chD7NgxfodUrnz5dvS+OFuvVxhATIq8pnOQfiRBUHOl4svoBAz1C:0zItHc57FI7S+pkIpiXpWsKAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ef1bd87cd8bc3d3f8ce1840d0f3984_JaffaCakes118

Files

61ef1bd87cd8bc3d3f8ce1840d0f3984_JaffaCakes118
.sys windows:4 windows x86 arch:x86

1db4dda93cfe45e113ec348ca394f865

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeSetEvent
IoDeleteDevice
IoCreateDevice
PoCallDriver
IoFreeIrp
RtlFreeUnicodeString
KeInitializeDpc
IoFreeMdl
IoQueueWorkItem
IoFreeWorkItem
PoRequestPowerIrp
KeInsertQueueDpc
RtlInitAnsiString
IoWriteErrorLogEntry
IoBuildSynchronousFsdRequest
_vsnwprintf
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
KeInitializeMutex
_vsnprintf
RtlWriteRegistryValue
IoInvalidateDeviceRelations
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ