8a2b05472106af953ed66d788c55fc23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a2b05472106af953ed66d788c55fc23_JaffaCakes118
Size

16KB
MD5

8a2b05472106af953ed66d788c55fc23
SHA1

1fd0edac0ed3f5b07878e272430b705c50db3877
SHA256

835bdc55ec40d9bf971737e0abd0749090030a02b98de22e46c3a9fbad3f15d1
SHA512

55fd7f67e6e92b9f9923611130f2098e11c552728946e7509450d33970a19825cc1f1d1f4faf424b97200afbd4786d2545f450cff098f25d6b0372b7a4597bb8
SSDEEP

192:S4BJH47EVyt8rcuAP7EnJRlYztnW41nU73gxj229u1y9ZMO60A2jV/c6++:3Bnyt2cxARlYztW2y29u15Om2hEb+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a2b05472106af953ed66d788c55fc23_JaffaCakes118

Files

8a2b05472106af953ed66d788c55fc23_JaffaCakes118
.sys windows:5 windows x86 arch:x86

a468972b1943f235840cbb7ba6c8731a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
IofCompleteRequest
ObfDereferenceObject
PoCallDriver
PoStartNextPowerIrp
IofCallDriver
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
IoBuildSynchronousFsdRequest
IoDeleteDevice
ExFreePool
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
InterlockedExchange
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCreateUnprotectedSymbolicLink
RtlInitUnicodeString

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 235B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 672B - Virtual size: 660B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ