Static task
static1
General
-
Target
d046e7ef473f152ad41ca381388aa8b9_JaffaCakes118
-
Size
69KB
-
MD5
d046e7ef473f152ad41ca381388aa8b9
-
SHA1
3f2b92ba56fd95e3fe4a4fd9063351431cbdcb05
-
SHA256
8b7b882b6f9bb74a315bdc29891548e3bc40d28e22fca9acc8f548db69d2ae91
-
SHA512
2573e80fa199e0a116664157801503ddf3ea832782387f96ee7cbb524402493d4379dffcf3f6a6ce297de77ad5cdf66976250b9b6184c946527dcb8ba02f891c
-
SSDEEP
1536:54lMWwFx8wKaCV0wK2l3Vmmak08t/Foy60TgAd9Rf:2AxJKayRrVVmmau60Tgs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The static analysis flags this PE because it carries no Authenticode signature (a check made by the sandbox, not behavior of the sample).
resource d046e7ef473f152ad41ca381388aa8b9_JaffaCakes118
Files
-
d046e7ef473f152ad41ca381388aa8b9_JaffaCakes118.sys windows:5 windows x86 arch:x86
b3d804a4938d7b04f65afd892b1718fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePool
RtlDecompressBuffer
IoCreateDriver
_stricmp
RtlAnsiStringToUnicodeString
strchr
RtlInitAnsiString
ZwQuerySystemInformation
ZwClose
RtlCompareUnicodeString
IoDeleteDriver
strncpy
ExFreePoolWithTag
_except_handler3
memset
memcpy
hal
KfAcquireSpinLock
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 674B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 326B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ