Static task
static1
General
Target
61eb7dd600d55de02242123490a7640e_JaffaCakes118
Size
18KB
MD5
61eb7dd600d55de02242123490a7640e
SHA1
e82b7b4db9f4a488ead60238acab6321a3e62ae9
SHA256
bcb44dcb2070fbcaf0c2b3aea778edac0845974423b938c8c593e69acf3be1a0
SHA512
8af3156c8707b535172b67c7c34db4f257bce0d5877afc7e977983ef285d1d29487a6e4fd155a82e6f6abf222b6140e97252ee3f3716bfeb5b791c83a3223723
SSDEEP
48:6WamuG4wyfqJrcrqF2bO2bRbgo5Ve3DOl/aiV0Wa:R8G1yfqV0qKOQiI03DO5C
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61eb7dd600d55de02242123490a7640e_JaffaCakes118
Files
61eb7dd600d55de02242123490a7640e_JaffaCakes118.sys windows:5 windows x86 arch:x86
d79236bb83424e3d264c84a6896016f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwReadFile
RtlFreeUnicodeString
ZwCreateFile
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 928B - Virtual size: 918B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 224B - Virtual size: 224B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 96B - Virtual size: 66B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ