Static task
static1
General
Target: 62fab48340e9b709f2a827e746dae950_JaffaCakes118
Size: 184KB
MD5: 62fab48340e9b709f2a827e746dae950
SHA1: 40a583374f72ae104f3bef9964c6f2585c8afa80
SHA256: 8650324f1b3f390b5bbc40b8371229daab53648d46b7d40eede031107642d609
SHA512: c09cf4b8c60c48db42fc7ce4d33d51a601e2fa6cda8cf6604b28d80977db3c76791290d7195f7a33b3c957482a6dfb8282666589813bc522bbe627cd68afbff1
SSDEEP: 3072:Yvv4OxtielGHPdyof75oC2gJ3cZTwYE3pCMJvpvfapCRw:aQNPP5z5oilEsYaT3fapCi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 62fab48340e9b709f2a827e746dae950_JaffaCakes118
Files
62fab48340e9b709f2a827e746dae950_JaffaCakes118.sys windows:4 windows x86 arch:x86
2b0417c9fd2e5af9bf7029653696ba27
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntoskrnl.exe
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
RtlEqualUnicodeString
NtBuildNumber
RtlQueryRegistryValues
PsGetVersion
KeTickCount
MmIsAddressValid
RtlUnwind
ExAllocatePoolWithTag
ExFreePool
IofCompleteRequest
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 608B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 672B - Virtual size: 666B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 478B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ