61af71cc9520048938ca424f531a31c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61af71cc9520048938ca424f531a31c4_JaffaCakes118
Size

12KB
MD5

61af71cc9520048938ca424f531a31c4
SHA1

ec4daeba76aa71a16b0acac3e81eb1f15e86035f
SHA256

b3613515ca39470f158eda8851fd19bbbb624073c354152bd3a905c5e347df36
SHA512

04733e6e5eb070f237b7c42fb868649230a162da55c532835199c8f3146a2be092c35846981876256111f6805176bdf3db5e161045f20bbe7b9e910a405bb7b4
SSDEEP

96:GF1FtAijYBPwTNOTX7Y6dmoBUoHVj95H1i:GF1FtAijYZwTQXHQoBXHdl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61af71cc9520048938ca424f531a31c4_JaffaCakes118

Files

61af71cc9520048938ca424f531a31c4_JaffaCakes118
.sys windows:4 windows x86 arch:x86

5f3420e9803def75ebaa9f4ebbf19d4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ZwAllocateVirtualMemory

Sections

.text
Size: 880B - Virtual size: 870B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 208B - Virtual size: 196B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 368B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ