f:\winddk\3790~1.183\src\objfre_w2K_x86\i386\ProTProcess.pdb
Static task
static1
General
-
Target
62b87b7fb5252bfd112e79c13ddbaf51_JaffaCakes118
-
Size
20KB
-
MD5
62b87b7fb5252bfd112e79c13ddbaf51
-
SHA1
a4337f71c5bfd644e7e1a5241f0a92e15ceba06d
-
SHA256
195e78aa16679b5fb1988a0a712a8101498a813dac39c1842112289af82d59f3
-
SHA512
129238aa6bfb02d13be6d309649ab719687058830497c41d6564b675329913e2e4b763bc107f1debb3b337ecb52059e3921247b996277dfd2b161cb7e9a76ca0
-
SSDEEP
384:YnpWLTpgI12g1oXCQZ0COqNUITHqdep5j01UZ/+:YgLTp112g1SC+eqNUmHu1U
Malware Config
Signatures
-
Unsigned PE 1 IoCs
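Checks for a missing Authenticode signature: this PE file is unsigned. For a kernel-mode driver this is worth noting, because 64-bit Windows requires signed drivers by default; this sample is a 32-bit x86 image, where load-time driver signature enforcement generally does not apply.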
resource 62b87b7fb5252bfd112e79c13ddbaf51_JaffaCakes118
Files
-
62b87b7fb5252bfd112e79c13ddbaf51_JaffaCakes118.sys windows:5 windows x86 arch:x86
102ccee4c741a5f37c09b9e6b8882116
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
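PDB Paths
f:\winddk\3790~1.183\src\objfre_w2K_x86\i386\ProTProcess.pdb
Note: this path is a build artifact left in the binary by the author's toolchain. The directory names suggest a Windows DDK "free" (release) build targeting Windows 2000 on x86, and the path can serve as a pivot for finding related samples; it is not proof of origin, since it can be altered.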
Imports
ntoskrnl.exe
RtlCompareUnicodeString
RtlInitUnicodeString
ExFreePool
ZwQuerySystemInformation
ExAllocatePoolWithTag
DbgPrint
_except_handler3
IoFreeMdl
MmUnmapLockedPages
InterlockedExchange
ZwOpenProcess
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
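KeTickCount
Note: importing KeServiceDescriptorTable together with the MDL routines (MmCreateMdl, MmBuildMdlForNonPagedPool, MmMapLockedPages, MmUnmapLockedPages) and InterlockedExchange is a combination commonly seen in drivers that modify the system service dispatch table. With ZwOpenProcess and ZwQuerySystemInformation also imported, and a PDB named ProTProcess, this is consistent with process-protection or process-hiding behaviour. Static imports alone do not confirm this; it needs to be verified by disassembly or dynamic analysis.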
Sections
.text Size: 896B - Virtual size: 780B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 502B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 174B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ