Static task
static1
General
Target: f54193edba701abb1498d12c3b0b1655_JaffaCakes118
Size: 331KB
MD5: f54193edba701abb1498d12c3b0b1655
SHA1: 2b569da2a9ed67633bd69e873eee9363d5905f29
SHA256: cb5605fdab61957ae3b1b7dd9c0aaaee12d9689cb95472e40e75d5ac9356b354
SHA512: 2f6a52db88f1640e83a7519cbcebed36575f02ebac506d6e08df028e2a18788c4c7fed9d50a16ebace1ef8b90da3f1b9bb0b35834911b13325974dd2a0692502
SSDEEP: 6144:raDlCTDxkIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQ0dWihh1Bm:GhqxXEXpYrVpmt9jy1l+7xWsH/jzI2QJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f54193edba701abb1498d12c3b0b1655_JaffaCakes118
Files
f54193edba701abb1498d12c3b0b1655_JaffaCakes118.sys windows:4 windows x86 arch:x86
4b83aae50e2e67d5014be126a21c1cc4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetDiskDeviceObject
IoFreeIrp
InterlockedExchangeAdd
PsReturnPoolQuota
ExAllocatePoolWithTagPriority
PsChargeProcessPoolQuota
RtlCopyUnicodeString
RtlCompareUnicodeString
MmResetDriverPaging
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ