afdbde0212be4b7844fda76bd06eaa96_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afdbde0212be4b7844fda76bd06eaa96_JaffaCakes118
Size

81KB
MD5

afdbde0212be4b7844fda76bd06eaa96
SHA1

ffe617bd0c2897dec6362e18294854aecaf3ef68
SHA256

0d3315b29c25133e824e94b73e3ad51b70e39db0ac8d70d196dc3f8a81a5b395
SHA512

a55c1c239142bcacc6901542f559fecbfcb43c82abb7708a8b52f95df9cd77d6bc16253dab0e73f811e0da64f48352c0db6ddf63d71e1596468d4b4c1a264c7a
SSDEEP

1536:5taM8MhfWoj3Gd5v2AiV8/v6EusgUplZ5EFOaUDJ9X62qx6:nthJj3Wv388qEvlLEFQXvqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afdbde0212be4b7844fda76bd06eaa96_JaffaCakes118

Files

afdbde0212be4b7844fda76bd06eaa96_JaffaCakes118
.sys windows:4 windows x86 arch:x86

eafe34fa73ba09669e69fe1cc0967347

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

HalHandleNMI
HalTranslateBusAddress
HalClearSoftwareInterrupt
KfReleaseSpinLock
READ_PORT_BUFFER_UCHAR

ntoskrnl.exe

ZwOpenEvent
isprint
ZwCreateFile

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ