2b75c2ecbbda54aec4ae6eeaac1db67e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b75c2ecbbda54aec4ae6eeaac1db67e_JaffaCakes118
Size

20KB
MD5

2b75c2ecbbda54aec4ae6eeaac1db67e
SHA1

703cbbbfff84c3f558bc97376a23003e15801d34
SHA256

1dfa599fb1a61a2ea48dfde87a3d72a756f3f9367e6128b62f688e9b46715b27
SHA512

3ade802c15ee3cce502604582269887b617b48cc6574353cd61f22b15ccd20b84282efb9332aab20a7be07ce40841c531678517daa20891aa003cb5d3e1acd4a
SSDEEP

192:AR85h5bIu8TkZD886+fAXsW5DI1TI3QqOOclaM3fhkiLYn6kxKxbTa9:ARG8YZgrNG0gHOcbfh6n6kGbU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b75c2ecbbda54aec4ae6eeaac1db67e_JaffaCakes118

Files

2b75c2ecbbda54aec4ae6eeaac1db67e_JaffaCakes118
.sys windows:6 windows x86 arch:x86

f58903b900ae2e9db16550cf64d52df1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ckldrv\i386\ckldrv.pdb

Imports

ntoskrnl.exe

ord7156
ord7174
ord7198
ord7222
ord7246
ord7270
ord7292
ord7312
ord7322
ord7336
ord7352
ord7378
ord7392
ord7402
ord7426
ord7448
ord7458
ord7484
ord7508
ord7526
ord7546
ord7558
ord7568
ord7590
ord7616
ord7638
ord7660
ord7688
ord7712
ord7736
ord7762
ord7786
ord7804
ord7818
ord7848

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ