c0f302eca153a2b29313516ff982f72d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0f302eca153a2b29313516ff982f72d_JaffaCakes118
Size

741KB
MD5

c0f302eca153a2b29313516ff982f72d
SHA1

5f183dd7421f59b670aca911706734503c8320e3
SHA256

8d88749ceff2ccb5038d238004e627ec309ee029708d4314411868e862b192b4
SHA512

5a694294567e3d967f45655b45d6311ce06b8cbdd8cccad3f77517075ca79d031e4cc1d01bdb9f322fa3c3ac232408ceb341391938a2e616482fce0e6719acb4
SSDEEP

12288:4Sr0cQ4diShihjW7K0jzMkjoJ+sOL9b/HhnEd2abMl6TXhY61lIJPTH2jSHr:4BcQ4di2i1W7PIzJ+tPQ2KMcT2YlIJPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0f302eca153a2b29313516ff982f72d_JaffaCakes118

Files

c0f302eca153a2b29313516ff982f72d_JaffaCakes118
.sys windows:6 windows x86 arch:x86

68c47e3223d62f19f15f494501464ef4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

ZwQueryDirectoryFile
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeRaiseIrqlToDpcLevel
HalMakeBeep

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bmm0
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bmm1
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ