3f76b69091f1e9f87a26a45064b12c75_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f76b69091f1e9f87a26a45064b12c75_JaffaCakes118
Size

4KB
MD5

3f76b69091f1e9f87a26a45064b12c75
SHA1

f1468fee1e94e132330255bfcaaa19f80a833ad6
SHA256

955bd347d1c3c241bdb28690478841d8940eeeb8af38a5df278c33f8fa6fb3e6
SHA512

40a1743aefbebee453f2f6acfa294915d3a4843a8f5d843d1e438fd428e13a5a029515af0b20d324680d59bc8820e407aa9ac5b2131ac1de939367eac034bf44
SSDEEP

24:etGSmgKED4lTnaSjVpHzL7Uf9ZvTPyh7q9h3QzwHOFmt+VkqiwRrtrdKXkeE:6mgKEDBSHH7YTq9k+COFmt+VXVRrnK0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f76b69091f1e9f87a26a45064b12c75_JaffaCakes118

Files

3f76b69091f1e9f87a26a45064b12c75_JaffaCakes118
.sys windows:5 windows x86 arch:x86

faa8ce8fbfc4ee24e7fac313639fa181

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sys\i386\agony.pdb

Imports

ntoskrnl.exe

MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwDeviceIoControlFile
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 640B - Virtual size: 636B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ