770872e7c4985d3fdf8755ec632c11e1_JaffaCakes118 | Triage

Sharing

General

Target

770872e7c4985d3fdf8755ec632c11e1_JaffaCakes118
Size

158KB
MD5

770872e7c4985d3fdf8755ec632c11e1
SHA1

f951fb11cec7f92e8693dd2b8a27b5a1abd7bfc7
SHA256

c841be8965505d3b514bfae81d48b34d96596a7d9936255f60df6a82396fd08b
SHA512

57eb9cc32274935ed5cbaf9e8cb51c5da2c1dc7a2712694302963bc6d436a6f4a01735e7994d5e06a49da3a1c74a82095e57c05e62eb6051f3dc2fccf65325dd
SSDEEP

3072:R+rbuiFWkFgrndW6p8V3UXKWo3RRQWiTb8YS8beW5NzhPR:R+rbUkAndW443ROWiTb8YS8CCP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
770872e7c4985d3fdf8755ec632c11e1_JaffaCakes118

Files

770872e7c4985d3fdf8755ec632c11e1_JaffaCakes118
.sys windows:5 windows x86 arch:x86

d93d27de7117b7ef5252cf3e77442cbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitAnsiString
IofCompleteRequest
RtlAnsiStringToUnicodeString
ExFreePool
ExAllocatePoolWithTag
ObReferenceObjectByHandle
ObfDereferenceObject
RtlFreeUnicodeString
IoCreateDevice
KeSetTimer
KeCancelTimer
KeSetEvent
IoStartNextPacket
MmUnmapIoSpace
MmMapIoSpace
IoCreateUnprotectedSymbolicLink
KeInitializeTimer
KeInitializeEvent
KeInitializeDpc

hal

HalTranslateBusAddress
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 672B - Virtual size: 644B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ