dcaa1ea80115b7b3691e4eb7ff0ef574_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcaa1ea80115b7b3691e4eb7ff0ef574_JaffaCakes118
Size

14KB
MD5

dcaa1ea80115b7b3691e4eb7ff0ef574
SHA1

276b94579135b427e9c6e59dc3f0ea5cf577c14f
SHA256

93865117fb7da6f6ebd0840d0d5fe8187230fc4a3e76cc4cd4be0add0c2b36dd
SHA512

542ec631f1ea15219fc8c8c7ac87949ceb52a2960a6be40431862166b1ffb8f4e5d97f2b22986ad18a774446fc7ee58a59ea94ed32ff40850929fbc5fe5f0431
SSDEEP

384:s6uLIaL/AtydGlaSqGgFdD/kGrLr9svPCcy8BB7IQ:btydsvgHoAsv6MB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcaa1ea80115b7b3691e4eb7ff0ef574_JaffaCakes118

Files

dcaa1ea80115b7b3691e4eb7ff0ef574_JaffaCakes118
.sys windows:1 windows x86 arch:x86

aa373cda7ac2aa32084dd5782d7fe5a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
DbgPrint
ExFreePoolWithTag
IoCreateFile
NtReadFile
NtClose
ZwCreateKey
ZwQueryValueKey
KeDelayExecutionThread
MmIsAddressValid

hal

KeRaiseIrql
KeLowerIrql

Sections

.xio
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 736B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE