cded24926f3e5087db73dc42f9c14d4c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cded24926f3e5087db73dc42f9c14d4c_JaffaCakes118
Size

89KB
MD5

cded24926f3e5087db73dc42f9c14d4c
SHA1

92d3bdb10d33582230d79d66e4e17b11eb838cc8
SHA256

e99269c546c6e10b712a2f20f7ee2e4cdba0bed0145afe5d2741ba753f3a4f7e
SHA512

3916f0426b3af483bcf6bc5b5d52831d42c73479ab9b01846f8365715b2e95c6d75376220655ca799f2f4c2b2c5e26d407d71a59662ac2b1508aeb6fbf79a091
SSDEEP

1536:kbJGHCYpnRWio1yvnz8JfDOEw5/YWbCIQ84H3C2hIbG2uU/c5R35jwnMMchB:kbJSXW34WfDu5/YaCIR4GGPU/M35T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cded24926f3e5087db73dc42f9c14d4c_JaffaCakes118

Files

cded24926f3e5087db73dc42f9c14d4c_JaffaCakes118
.sys windows:5 windows x86 arch:x86

f66a5348ce62b4f44be4e9982ad4e591

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAllocateMdl
IoFreeWorkItem
ObfReferenceObject
ZwClose
ObfDereferenceObject
IoFreeMdl
KeInitializeMutex
ExAllocatePoolWithTag
IoAttachDevice

hal

ExReleaseFastMutex

Sections

.text
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 316B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ