b6e976463dafcbcb1d4254917792263d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6e976463dafcbcb1d4254917792263d_JaffaCakes118
Size

148KB
MD5

b6e976463dafcbcb1d4254917792263d
SHA1

615f1725918d941b1f6c55b6234219ee052a2523
SHA256

b01bee59a1864762f16f7cd1d35d089d311233153f10a8daa41d3dddd17be46b
SHA512

1f658d4dae1241e16982b8adcb3f6d1101cd372b2e4e25e6d51b7aaddd2139e1d84b5b09e23e88a60d959c8ec5894236865375c48acf9c9eca4d6663b9c2afd9
SSDEEP

3072:vZ86eqoIeHeX+oEvbHtmnqckFtt0bi27BEJ4PZ+dqyzs:R8jIIeXihmqNkbi2Fs4x+dqyzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6e976463dafcbcb1d4254917792263d_JaffaCakes118

Files

b6e976463dafcbcb1d4254917792263d_JaffaCakes118
.sys windows:5 windows x86 arch:x86

0292382fe83069e6f26a9091879344d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hal

HalSetRealTimeClock
IoFreeAdapterChannel
HalRequestIpi

ntoskrnl.exe

ZwOpenFile
isprint
ZwCreateFile

tdi.sys

TdiRegisterProvider
TdiInitialize
TdiRegisterNetAddress

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.assc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.relhol
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ