Static task
static1
General
Target: 7918a49e54198d3935a6113de83fa0d5_JaffaCakes118
Size: 41KB
MD5: 7918a49e54198d3935a6113de83fa0d5
SHA1: 30f2a4667a5261e6571898520bfa57adc2c67d73
SHA256: b504a73c7ad202f816e139684c3b556b0334c008e79ae35fa98726da5450c573
SHA512: 5a8613ac2b75f31e954704f751d2ad8b3feb7b3ce74041dff7482addce4ffd90d1fe6d22e87573a1327c46e7331e1209d695fc5ec8b28211a4fc7d62e8fceafa
SSDEEP: 768:kmSqNkM1rTU8AOXdmGAAzdKhydoF5rikMd1OtK5K2ZIIIIIIIIIIII4IFxJZ:ky6eTAkmGAbhrTs3p5fIIIIIIIIIIIIN
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 7918a49e54198d3935a6113de83fa0d5_JaffaCakes118
Files
7918a49e54198d3935a6113de83fa0d5_JaffaCakes118.sys windows:4 windows x86 arch:x86
2df80650cc1853520a241690a4ebf486
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
  ndis.sys
    NdisWaitEvent
  ntoskrnl.exe
    DbgBreakPointWithStatus
    MmGetSystemRoutineAddress
Sections
  .text (Size: 17KB, Virtual size: 17KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata (Size: 17KB, Virtual size: 16KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data (Size: 256B, Virtual size: 252B)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  INIT (Size: 1KB, Virtual size: 1KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc (Size: 4KB, Virtual size: 4KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE