Static task
static1
General
-
Target
3acfe88885dae18b62eb48e92902860a_JaffaCakes118
-
Size
32KB
-
MD5
3acfe88885dae18b62eb48e92902860a
-
SHA1
5612502239743ca5854327e441538ffe6b8fad84
-
SHA256
d786d763f9c9c05f5bfab43b5b44b1caced38ebfacabc61d6143f77863de0756
-
SHA512
37a44715a9e8bf2a52e47b8f0d4e325cc7c9983aee68ce2bf8dac72cc930dbef164cb910c6e2e7b5d350af6086dd6b3b2fa240b658a75cd0294adfe7043d8b64
-
SSDEEP
768:qGU/ANaMguhSzGwnxR91QL4qyWZ6aDPA2bpqVf:qdkQusKu1QL4qSarv9of
Malware Config
Signatures
-
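Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The flagged file has none; because it is a 32-bit kernel-mode driver (a .sys file importing from ntoskrnl.exe), the missing signature is worth weighing during triage, but it is not by itself evidence of malicious behaviour.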
resource 3acfe88885dae18b62eb48e92902860a_JaffaCakes118
Files
-
3acfe88885dae18b62eb48e92902860a_JaffaCakes118.sys windows:5 windows x86 arch:x86
3252eff1921275d950c1d37c99fc90d4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeDelayExecutionThread
ExAllocatePoolWithTag
ExFreePool
RtlCompareUnicodeString
_except_handler3
PsCreateSystemThread
RtlInitUnicodeString
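Sections
Note: the sections shown here are all flagged both IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE, including those marked as initialized data, and none has a conventional name such as .text or .data. This combination is often seen in packed or obfuscated binaries; treat it as a triage indicator, not as proof on its own.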
PFZhFDhm Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hwSYZJJC Size: 128B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cpWaSInP Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CAOsLjyN Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mboQGwGA Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE