41e0ec372f0c9df9c71bc7c3e7d0f342_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41e0ec372f0c9df9c71bc7c3e7d0f342_JaffaCakes118
Size

8KB
MD5

41e0ec372f0c9df9c71bc7c3e7d0f342
SHA1

b7f9048004b3140af9873a82a5e69ada621b692f
SHA256

2974798324b059f07ab7cbb34d0c037e4e9322a699a5818e4552ca74ca5416b3
SHA512

1b6f07c01050d429c230d96b83be6e18ad707bc9edf698c154c324a9293f271d5f651dd26f953e8cbfdff987de8c8536e10911bdde670572b0f483d8ccde4aa3
SSDEEP

192:RgzqWE93e9FIj2F+A+9Euwkyd5em9mMO:9u9aj2UyoAFO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e0ec372f0c9df9c71bc7c3e7d0f342_JaffaCakes118

Files

41e0ec372f0c9df9c71bc7c3e7d0f342_JaffaCakes118
.sys windows:5 windows x86 arch:x86

df32efe8272ed4de5cdec3331a27af39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\2600\src\basic_2\objchk\i386\TNT.pdb

Imports

ntoskrnl.exe

KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwQuerySystemInformation
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
DbgPrint

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 254B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ