a08359627023dfacdfa3984ef0a4f47c_JaffaCakes118 | Triage

Sharing

General

Target

a08359627023dfacdfa3984ef0a4f47c_JaffaCakes118
Size

44KB
MD5

a08359627023dfacdfa3984ef0a4f47c
SHA1

5bce3af5f616d7c8f53db8e1e2c3e89376cbc472
SHA256

a2079f0c3c7de7db36318aaaa9d359b2099922ccb042e9d0baae5db57a10e12f
SHA512

e7a01db7be02d60c2439b4aaef9b10d6513c78ef1c94d12d936fe113ea888ae060a3143a604e66e00d2f4351e5defa80ad39a9451c451b12114b1c83aa2799e3
SSDEEP

768:gfUA8gc+wXkdaBat3wS9cAlhQSwKDy//WsxMWmmcI4fq:0Uhgcjlu3VWmJAXxWnfq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a08359627023dfacdfa3984ef0a4f47c_JaffaCakes118

Files

a08359627023dfacdfa3984ef0a4f47c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

5f63bccefa615bed8a97fb4b0a04921f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExUnregisterCallback
IofCompleteRequest
KeSetEvent
IoDeleteDevice
KeBugCheckEx
PoCallDriver
IoCancelIrp
IoDetachDevice
IofCallDriver
IoFreeIrp
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlCompareMemory
KeQueryInterruptTime
KeDelayExecutionThread
IoAllocateIrp
RtlCompareUnicodeString
ExFreePool
KeGetCurrentThread
PsGetCurrentProcessId
RtlInitUnicodeString
KeInitializeEvent
ZwCreateEvent
ExFreePoolWithTag

hal

ExAcquireFastMutex
ExReleaseFastMutex

battc.sys

BatteryClassIoctl
BatteryClassStatusNotify
BatteryClassInitializeDevice
BatteryClassUnload

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ