Static task
static1
General
Target: 42aba7e7d078c2cef73d8dda4496e07b_JaffaCakes118
Size: 46KB
MD5: 42aba7e7d078c2cef73d8dda4496e07b
SHA1: 6f039a2cce5aea0f96393d80032255495d6ac9fb
SHA256: 59d9bcfc8c4d5ee0dc23e99624a38f646f15b08f533f2d2897106ecb5907b7c2
SHA512: a252e3503c70a1398ae73fcf9c264941152958589e717733b9f69cd9258f5d6de63abbd7afe8a5dd00947e8e351c7da4c9253d7db2b53415e6cc3c94df7f670a
SSDEEP: 768:I9NACzV23l55m3+vCPHXlHSEQgBP3urkEp6KAPTrIntLpnFJ4g:IACzV2Dw3SC4cUrkEp6K4TurnFJR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42aba7e7d078c2cef73d8dda4496e07b_JaffaCakes118
Files
42aba7e7d078c2cef73d8dda4496e07b_JaffaCakes118.sys windows:4 windows x86 arch:x86
2df80650cc1853520a241690a4ebf486
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ndis.sys
NdisWaitEvent
ntoskrnl.exe
DbgBreakPointWithStatus
MmGetSystemRoutineAddress
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE