68f15dd40a1b77560ba6a2140328949b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68f15dd40a1b77560ba6a2140328949b_JaffaCakes118
Size

23KB
MD5

68f15dd40a1b77560ba6a2140328949b
SHA1

73d774c344b8f3abefe06d728b8d2b9c75b75c83
SHA256

14eb6038b34896245ff06998d98c4d7188292ec9899531222542b980aece72f8
SHA512

776e0ce680a88effa3e8d9684b2e78975c0d3292a4747efbade3cbf575ae5f33970299fb65bad4d146d5446e9bf88f9712bc0749a2326a550432fe4cb0f78fe7
SSDEEP

384:G64Xao4AJW+36M8IrS7DMeCIoa8TpzzZ15aheGdh/jat1HEdv5O+vGWcYuabU6Gf:GdJdrkKha8Tpzzn5Ieoi1HUZvxvbbU6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68f15dd40a1b77560ba6a2140328949b_JaffaCakes118

Files

68f15dd40a1b77560ba6a2140328949b_JaffaCakes118
.sys windows:6 windows x64 arch:x64

048e0814d53b56f7105795deb0fc45d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

msahci.pdb

Imports

pciidex.sys

AtaPortCopyMemory
AtaPortGetPhysicalAddress
AtaPortReadRegisterUlong
AtaPortInitializeEx
AtaPortDeviceStateChange
AtaPortEtwTraceLog
AtaPortRegistryFreeBuffer
AtaPortGetBusData
AtaPortRegistryRead
AtaPortRequestCallback
AtaPortStallExecution
AtaPortGetUnCachedExtension
AtaPortReadRegisterUchar
AtaPortBuildRequestSenseIrb
AtaPortReleaseRequestSenseIrb
AtaPortCompleteRequest
AtaPortNotification
AtaPortGetDeviceBase
AtaPortGetScatterGatherList
AtaPortRegistryAllocateBuffer
AtaPortWriteRegisterUlong

ntoskrnl.exe

KeBugCheckEx

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ