6ae0d785866c20a65f70ff0827083fb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ae0d785866c20a65f70ff0827083fb8_JaffaCakes118
Size

721KB
MD5

6ae0d785866c20a65f70ff0827083fb8
SHA1

a199141c8b2629cea05b7bb928ccb0f6018258e7
SHA256

3962338101f185f662e2c84178c32748659d9c2e94435456038b5b98b7562627
SHA512

1718cfc910b4935f16b82d9b70d4c81a4e2e797d8a57758be54972ec1a72af26fa25ab32b034a1b7aebdbe2e98051fcc6f9769e9c8157a72ae4ba06be8b5d558
SSDEEP

12288:Fm0SUSBVq44ltLNUFZ3icJs1nbbL4f3RLtlm81AlGkmH2wXPc8iLtUH7ywgPLYq9:FmJUS/ht2z2hLtlm8GrmWbFBUO5FJWTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ae0d785866c20a65f70ff0827083fb8_JaffaCakes118

Files

6ae0d785866c20a65f70ff0827083fb8_JaffaCakes118
.sys windows:4 windows x86 arch:x86

418ca8b93080ff3246b752ed58a5633e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
RtlInitUnicodeString
RtlCompareMemory
IoCancelIrp
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
RtlUnicodeStringToAnsiString
ObfReferenceObject
RtlIntegerToUnicodeString
IoAcquireCancelSpinLock
IoDisconnectInterrupt
KeRemoveQueueDpc
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ