c75609d83dbd5785caeaf031960dfec3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c75609d83dbd5785caeaf031960dfec3_JaffaCakes118
Size

106KB
MD5

c75609d83dbd5785caeaf031960dfec3
SHA1

d2378bf4264dc8293a576dac7247eeadf646ca94
SHA256

ccda155ee988b3b1f5a9146414f412e588f8160cdc4553d41e38e5d84a32bd97
SHA512

de0fea51ea8ba32a6353c48749a5538c2e7dec0ea4a1a3f837d012be75ff52de40d394b15cd9b1c658fe7986f4e5fc175d3e7d58bd8bf610f7f781f4d02613ff
SSDEEP

1536:jE9BiP1X5Oxs5zdn+qSEKWnDscqZVpUGZ0cIh0usxsBFWrZaD+dyS:4EX51zd+qSVjfZQGZdITBsZaD+dJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c75609d83dbd5785caeaf031960dfec3_JaffaCakes118

Files

c75609d83dbd5785caeaf031960dfec3_JaffaCakes118
.sys windows:5 windows x86 arch:x86

2b01978c65c40b9f2f44b0161e89063d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
IoFreeWorkItem
ExAllocatePoolWithTag
KeWaitForSingleObject
IoAttachDevice
memset
ExFreePoolWithTag
KeSetEvent
ObfReferenceObject

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ