2ca352bc09b3c4ec2c3f8ab41584a272_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ca352bc09b3c4ec2c3f8ab41584a272_JaffaCakes118
Size

36KB
MD5

2ca352bc09b3c4ec2c3f8ab41584a272
SHA1

46f5cb1b0ed0a1ab05232581a7caf644906c0edb
SHA256

bb7504021ccb5cdb0b659ec573a3cf5a87b9108c8fa7e0e370594e474d47facc
SHA512

cb11f26232d72a5b3c8ae9b810c778bc958f42b5227d638204cdd168d54c0f141d6391c90ce41e114f62b3c3855f217ef810ee6792448b10927e246e2f327a9d
SSDEEP

768:Bsz8J2cWIODdtyWq3jFQ7/I3rN4gV2w2D+dIHRQ:93TTFQmhVCDQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca352bc09b3c4ec2c3f8ab41584a272_JaffaCakes118

Files

2ca352bc09b3c4ec2c3f8ab41584a272_JaffaCakes118
.sys windows:5 windows x86 arch:x86

ac694e00a2633d6bf820fd81450354a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlCompareUnicodeString
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
memset
ExAllocatePoolWithTag
ExFreePool

Sections

.code
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ