0d17ba5dc992cf6e90b1a9f51dcfee6b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d17ba5dc992cf6e90b1a9f51dcfee6b_JaffaCakes118
Size

31KB
MD5

0d17ba5dc992cf6e90b1a9f51dcfee6b
SHA1

67a18b89b14f27bb37d7608ad881d404fd5d2540
SHA256

bae853321a72cdec8dab58eb4c8ce20f5e5d3a25af5029aab15a6763f16e0b80
SHA512

323390654b4ca1e1c08aa66d1947eae7847858ffe48364eb0dd38fcaa5e34ac4f3e6368d3eefb67c180fe4e8413d6c7bbc3cf7145282f564f590d1897aa393c4
SSDEEP

768:AX5Y6qkzUzlm7Wm05Q/Ao74FPP4GiQs2UDzsGB0BnUdEt8b2iY+u:C5YSzF08Ao74NP4Vfj0BUet8b2iY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d17ba5dc992cf6e90b1a9f51dcfee6b_JaffaCakes118

Files

0d17ba5dc992cf6e90b1a9f51dcfee6b_JaffaCakes118
.sys windows:5 windows x86 arch:x86

a0c645ddf05743d806335276c55d078e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

scsiport.sys

ScsiPortFreeDeviceBase
ScsiPortGetDeviceBase
ScsiPortConvertUlongToPhysicalAddress
ScsiPortMoveMemory
ScsiPortNotification
ScsiPortStallExecution
ScsiPortReadRegisterUchar
ScsiPortWriteRegisterUchar
ScsiPortGetBusData
ScsiPortCompleteRequest
ScsiPortGetPhysicalAddress
ScsiPortWriteRegisterUlong
ScsiPortGetVirtualAddress
ScsiPortWriteRegisterBufferUchar
ScsiPortLogError
ScsiPortReadRegisterUlong
ScsiPortReadRegisterBufferUchar
ScsiPortGetUncachedExtension
ScsiPortSetBusDataByOffset
ScsiPortInitialize

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 576B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ