Static task
static1
General
-
Target
6078c7b9d2cd7e43e3fe059358060275_JaffaCakes118
-
Size
61KB
-
MD5
6078c7b9d2cd7e43e3fe059358060275
-
SHA1
836976478bfc39270719594299c400a40b4471fb
-
SHA256
e671d1624357f2b428aa5a437d1c4a028c3bb9bee144643f3e8a075603e1ea68
-
SHA512
b140f9ad4851fd4a70694a7906fbd0b70754ad9d52ce54bfb8ca34ea392f104dd253b05e5f491de8802ec6acbc26606d52273c5748f178979544056c444c4d26
-
SSDEEP
1536:/7JBxkBb3H5wXUjR+JjYG0Aj3ViCzY4tT:/Xe1XSE4JjYGfxiYYeT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
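Flags a PE file that has no embedded Authenticode signature. A static check of the file alone cannot tell whether it is catalog-signed, so treat this as a weak indicator on its own.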
resource 6078c7b9d2cd7e43e3fe059358060275_JaffaCakes118
Files
-
6078c7b9d2cd7e43e3fe059358060275_JaffaCakes118.sys windows:4 windows x86 arch:x86
afd526a3275b3769711666d99fd263aa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
KeAcquireQueuedSpinLock
ntoskrnl.exe
RtlGetDaclSecurityDescriptor
SeAccessCheck
ExInterlockedAddUlong
SeLockSubjectContext
RtlMapGenericMask
IoGetFileObjectGenericMapping
RtlEqualString
RtlInitString
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 258B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ