41de0b3fdbb488b0fd931bf57c6ac7f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41de0b3fdbb488b0fd931bf57c6ac7f7_JaffaCakes118
Size

4KB
MD5

41de0b3fdbb488b0fd931bf57c6ac7f7
SHA1

10248b03203dacc4e178a4980af4a17a5eabdc6b
SHA256

393870ad77831dd85239aea4ba0a0de7df70192e05c7ab34eb5dc2775d013aa4
SHA512

9ec301988653b2c6f76ac02a002a06f52eec6502f69dfe1063238acbc68baf741557d2ba00311b262dbb18eeb3020f4901eb78956004f298b9213401198bd731
SSDEEP

96:e7kbVkaGmJMBaRsC+6A6V6db9B5OAveon20rHMmq0yPE:m0slPWOb9B5OAveon20rHMmq0y8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41de0b3fdbb488b0fd931bf57c6ac7f7_JaffaCakes118

Files

41de0b3fdbb488b0fd931bf57c6ac7f7_JaffaCakes118
.sys windows:5 windows x86 arch:x86

4edfd276e71f47012f7caa2851028913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\remove\removegb\objchk\i386\removegb.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ZwDeleteFile
RtlInitUnicodeString

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ