fd7b3c10b565b9780cffc3c55c1fde38_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd7b3c10b565b9780cffc3c55c1fde38_JaffaCakes118
Size

739KB
MD5

fd7b3c10b565b9780cffc3c55c1fde38
SHA1

f5c6fcd2ee2105705a8f415c0e13c15eb9a3b148
SHA256

16cd4b2849e1094104c7463a113825f79a5c7196b27c10f7fa43508b6eb244aa
SHA512

a081d1689dce04462f3bac6d202fccd46d41df2b1567601ab43d04a280019524a7bcb5c6124f6d607d9d3a83e7c774d006f4ff6ddee306d94df43585e1b1e631
SSDEEP

12288:XVWbrck2ydNsnUcLUaGn9jb/VFAQVc7U9VOIn1KbXU9TFKGMRvdf/DlbNTA:ex2dnUcL/A9tFAQVf1KeFSRvRrlbu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd7b3c10b565b9780cffc3c55c1fde38_JaffaCakes118

Files

fd7b3c10b565b9780cffc3c55c1fde38_JaffaCakes118
.sys windows:4 windows x86 arch:x86

3e927a97683d7fad0bebd96dd7cd357c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
_snprintf
IofCompleteRequest
ExFreePoolWithTag
ZwQueryValueKey
ObfDereferenceObject
IoOpenDeviceRegistryKey
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
IoReleaseCancelSpinLock
IoInitializeRemoveLockEx
RtlAppendUnicodeToString
KeSetTimerEx
ZwQuerySystemInformation
MmProbeAndLockPages

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ