71a92884e3f29910b9edb5c02af3a249_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71a92884e3f29910b9edb5c02af3a249_JaffaCakes118
Size

79KB
MD5

71a92884e3f29910b9edb5c02af3a249
SHA1

daa316ca9191e8d47eb2708cbcdf0bb85a0cac46
SHA256

8cb8ebe31f59cc1698f1720c4a1c16614ede693eb352a8bb68a219b86d059a1f
SHA512

1fc8d2562ac76fe1ec637330443e7be8087df87884f3f16a1b9fcb628a66735e8db23cc0110b76b1490abcabb89917dbd06a0f5d7ceb2c1fa25f85d62e05ac6c
SSDEEP

1536:FMVHNN9ZYOWpBqlXDC5HJ/ORDyr+ARA9yXDiZom3oLR:2tNbZYOWpBYTCFlORDGXOG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71a92884e3f29910b9edb5c02af3a249_JaffaCakes118

Files

71a92884e3f29910b9edb5c02af3a249_JaffaCakes118
.sys windows:5 windows x86 arch:x86

157a528b056a034e2ab10ec44642d03c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
memset
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
ObfReferenceObject
KeWaitForSingleObject
ZwClose
IoAllocateIrp

hal

ExAcquireFastMutex

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ