Static task
static1
General
- Target: b0a2f4e91b200df619252c8c4f5fdfe2_JaffaCakes118
- Size: 96KB
- MD5: b0a2f4e91b200df619252c8c4f5fdfe2
- SHA1: 5727fe0a97eac5f9f252f6ab2d80ec2e468f12b6
- SHA256: 2c4686527e7e1cb35f8bf0615727f4166e7c27521b25f2aecf0e2bcc65e98d51
- SHA512: c1e5021cd2e3b7760d1a047674d3ad5a8c96325c2304dbdb13aa1b888a056d49de252708e96556001f113946f91580fe90d0e18d2510154f3df1d173708d5d14
- SSDEEP: 1536:xU/vInosk4dxJaE/bQECyvwrcrZLJ4W87Oi4ElCn/TV6DrD6s2M0P5JPOBG6o3xu:xUnek4draE/bvZvwrx6i4Ek/TV4msRUq
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource b0a2f4e91b200df619252c8c4f5fdfe2_JaffaCakes118
Files
-
b0a2f4e91b200df619252c8c4f5fdfe2_JaffaCakes118.sys windows:5 windows x86 arch:x86
06955723421b5e9538b8e0219dbf96a0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeMutex
IoAllocateWorkItem
DbgPrint
ZwClose
ExAllocatePoolWithTag
ObfDereferenceObject
IoGetRelatedDeviceObject
IoFreeWorkItem
Sections
.text Size: 1024B - Virtual size: 998B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 248B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 390B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ