db710b3161128fdabaf7ebe96dbb47fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db710b3161128fdabaf7ebe96dbb47fe_JaffaCakes118
Size

132KB
MD5

db710b3161128fdabaf7ebe96dbb47fe
SHA1

063750fc7b8252393349fac9e1890a9409ca9525
SHA256

38ba7e1532d32e9180a24a1b08cf65e83dbc215ddedc384a3ad9dd48ba8b5c60
SHA512

a0818f7ef7b980779d56bb25d32434ae3acfbae4e27b4c3454af3711dbd9f1327aada0bdb6d69dca9d43aac0c337605ba376f540cc683f8ac12385e6cae8b2a7
SSDEEP

3072:POHJEkWGqWZyywMCpHvCclHdiY2FJJ11:kEkplZbwD9KcfipFJJ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db710b3161128fdabaf7ebe96dbb47fe_JaffaCakes118

Files

db710b3161128fdabaf7ebe96dbb47fe_JaffaCakes118
.sys windows:6 windows x86 arch:x86

4bf137289ecb3d5b7939d36618ad3044

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

ntoskrnl.exe

ExAllocatePool
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
HalMakeBeep

fltmgr.sys

FltCreateCommunicationPort

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abb0
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abb1
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ