Static task
static1
General
Target
433f2ef5713aed602352c6ae63993e94_JaffaCakes118
Size
50KB
MD5
433f2ef5713aed602352c6ae63993e94
SHA1
9186c21cf064972140734941c15b0bff17c08dfe
SHA256
07dca088dc3ab90178404e29b94df3f0864de8bed9f150e6f4151bc62fd0030c
SHA512
7e15714c316eb7d73f6ef6f03061f6f0df3bdc127638252535dff0ff990a201049946efd40c1537640855e4628a3104f36a5e53526e5c953e27b5a13e9a9b262
SSDEEP
1536:mqkh6FwxAG4ntvY6zYBFVmUy0Om8iH8GDdX/:mUGE/YBF4Tzm8QDdX
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 433f2ef5713aed602352c6ae63993e94_JaffaCakes118
Files
433f2ef5713aed602352c6ae63993e94_JaffaCakes118.sys windows:4 windows x86 arch:x86
a6527c3f321b0e49755d02c5ce489fa2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
tcpip.sys
SetIPSecPtr
LookupRoute
IPFreeBuff
hal
HalProcessorIdle
KeRaiseIrql
KfLowerIrql
ntoskrnl.exe
IoPageRead
IoStopTimer
ZwClose
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.321 Size: 23KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.123oc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ