a15eda25bdd38cba82a53bb54a4eb294_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a15eda25bdd38cba82a53bb54a4eb294_JaffaCakes118
Size

129KB
MD5

a15eda25bdd38cba82a53bb54a4eb294
SHA1

778b89586dd481c1df98db490e84adc0c47a3386
SHA256

23a7867e24e6ac1b8c118d7538486dde1b6c8db7e7a701ae161b9b481a688a03
SHA512

05b9a7c386d3e5dd251d7abd7cc375d7741c904911de17f4a37518a5d5f2b11c045530db166977ada79a11fc664e2efa5671b146e8179790115be8a0c9ee31af
SSDEEP

3072:gWM+etIcbC0jyMxrbtIcbC0jyMxrLWM+etIcbC0jyMxrF:cjbCIyMxHjbCIyMxfjbCIyMx5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a15eda25bdd38cba82a53bb54a4eb294_JaffaCakes118

Files

a15eda25bdd38cba82a53bb54a4eb294_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3209e03d8d2d8f153f489b262d1a746c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

KeQueryPerformanceCounter

ntoskrnl.exe

KeInitializeSpinLock
MmQuerySystemSize
PsGetVersion
KeTickCount
memcpy
memset
KeInitializeMutex
KeQueryActiveProcessors
ExFreePoolWithTag
PsGetCurrentThreadId
PsGetCurrentProcessId
KeInitializeTimer
IoGetCurrentProcess

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ