aad837bf3b475092fd515cd0842334e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aad837bf3b475092fd515cd0842334e9_JaffaCakes118
Size

33KB
MD5

aad837bf3b475092fd515cd0842334e9
SHA1

2f845acac30e40d5aea3ccf8d02f5226089366a5
SHA256

57be83e12430fcd9ef76ff8dd8a139bf5a8b96e658edd98f4edb3dfb28f27dc0
SHA512

88f391b5742fc09a7ed4780a6b60d953d88d473ea870e1befa4dbc2e44afb15da3a3c31c00e5ff44e4104e15ac1b4e17558b0442390d8ced3f5b7c0b5edd607b
SSDEEP

768:H2I0dlTuxaE1pYDjyOgV9Vim9Llp4F/lNgtFwU5kY:Hh0dlop1KDWOgV/f9gNlqtFrkY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aad837bf3b475092fd515cd0842334e9_JaffaCakes118

Files

aad837bf3b475092fd515cd0842334e9_JaffaCakes118
.sys windows:4 windows x86 arch:x86

840d8fecc2620f54ecd5e0d6da0b1e2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
IofCompleteRequest
RtlZeroMemory
RtlInitUnicodeString
DbgPrint
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
MmIsAddressValid
KeServiceDescriptorTable

hal

KeLowerIrql
KeRaiseIrql

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 480B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 416B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ