Static task
static1
General
-
Target
be5b7b9e27bf89ccf269c58ba77cf557_JaffaCakes118
-
Size
75KB
-
MD5
be5b7b9e27bf89ccf269c58ba77cf557
-
SHA1
263826f40fe8d0b459139c58d0a287b59dd64597
-
SHA256
f6d436c4dced5eafcf7ea6a76e570994dbe9efbc5d76123b20ade14683964f3b
-
SHA512
ad2edfedc5508050b6eb0d4f1ca333c7aec74a47996908b7b55cc1f319c1c52265b8e6c98f9059348b3a1b46b3b4073128985ba7e9a05b6b910fb7a3e58e7273
-
SSDEEP
1536:DrgChWAdholGLb0uEmwIafMZCKhCxL83KK4kv:DXWAeGhBaUZ5Cxo3Ky
Malware Config
Signatures
-
Unsigned PE 1 IoCs
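Static analysis checked the file for an Authenticode signature and found none. This is a property of the file itself, not a behavior the sample performs.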
resource be5b7b9e27bf89ccf269c58ba77cf557_JaffaCakes118
Files
-
be5b7b9e27bf89ccf269c58ba77cf557_JaffaCakes118.sys windows:4 windows x86 arch:x86
d332cfcaf28e177236cce7b8f893d384
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
KeQueryPerformanceCounter
ntoskrnl.exe
KeInitializeSpinLock
KeGetCurrentThread
KeInitializeTimer
PsGetCurrentThreadId
IoGetCurrentProcess
KeInitializeEvent
memcpy
memset
ExFreePoolWithTag
MmQuerySystemSize
PsGetCurrentProcessId
KeInitializeMutex
KeTickCount
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ