cfd06375ce5de2f32749f991c90500e0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfd06375ce5de2f32749f991c90500e0_JaffaCakes118
Size

29KB
MD5

cfd06375ce5de2f32749f991c90500e0
SHA1

0c453d04fd996f4b7525359553d2ab048e987fe2
SHA256

2cbfa178e3c6c23e4d93966a4fe29f2b584a75d3a79a1c7b4ca2151d8850061d
SHA512

f8e4d5c5c5ceab300625cab9d2bb9e13399ea336ce5a12fe0cc6113aa6b6b70cc33c9cfc5ae2053b566770af3ae5cecc623d56c513c87c135c8fa370ee8a03e3
SSDEEP

768:qu8iA+YpJ7aRSf3mEVpXVPbE/eA+KVUeQCoaiu+9bmK1k+qW:qyfAJmRSPpXVPbE/eSU9CB+dmK1k+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfd06375ce5de2f32749f991c90500e0_JaffaCakes118

Files

cfd06375ce5de2f32749f991c90500e0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

e9f361b3ae98428052ca50757486e6a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoInitializeIrp
strcmp
RtlFreeUnicodeString
RtlImageNtHeader
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
Exfi386InterlockedIncrementLong
DbgLoadImageSymbols
KeQuerySystemTime
MmProbeAndLockPages
RtlInitString
ZwQueryInformationProcess
ZwLoadKey
MmMapLockedPages
ExFreePool
IoCreateSynchronizationEvent
MmAllocateContiguousMemorySpecifyCache
strcpy
ExAllocatePool
ExSetTimerResolution
RtlIsGenericTableEmpty
IoGetDriverObjectExtension
DbgPrint
ZwDeviceIoControlFile
InitSafeBootMode

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 775B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 1024B - Virtual size: 663B

IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ