27ac1769db13fa5a59ce3c8c92053aa0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27ac1769db13fa5a59ce3c8c92053aa0_JaffaCakes118
Size

49KB
MD5

27ac1769db13fa5a59ce3c8c92053aa0
SHA1

fad16858d481185cbe9b6f94fa32f2d6ea9511d1
SHA256

62eb551995d62ef81fc1cd027987be22a8e435d27e0d53fca40c370572a33358
SHA512

b5b050d73a8338e6772cb3c7cf3aeb3dde81d0bb10e4f84d34c76e3a04c9c03d4c6a3e9d763ca6c9e1d29cd55e0505fc8185368b0df8eaaced9d4b36e7844d08
SSDEEP

768:YRybdL5Zu0p8jRlyI+M+YwCGt7QaRpr76lKUoeL1Az6qMHrsgGzCgAcP:YQdvVpImDM+iQRpOLeFc4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ac1769db13fa5a59ce3c8c92053aa0_JaffaCakes118

Files

27ac1769db13fa5a59ce3c8c92053aa0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

2fdabff33db571fdd0278d89e24717d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

usbport.sys

USBPORT_GetHciMn
USBPORT_RegisterUSBPortDriver

hal

KfLowerIrql
HalProcessorIdle
KeRaiseIrql

ntoskrnl.exe

ZwCreateFile
ZwTerminateProcess
isprint

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myn
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tsuoc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ