86e24182f9c064592862674346eb3c71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86e24182f9c064592862674346eb3c71_JaffaCakes118
Size

44KB
MD5

86e24182f9c064592862674346eb3c71
SHA1

d5cd7647ce938a2d451752dd5ba1ee54f8c7ccc5
SHA256

91c6c90632bf147c0c8af256250e855b3c20a2c85a6731dc8b0b8e9598f0fc7b
SHA512

ae421b2537e8e151cb4f8a14df7c08e042f7d01589c641770894e1f49737b6f118457bfb1f4a879596dc03a9c2c797034f7f4d76d23305778244a6e92299b105
SSDEEP

768:yHI0iKr2nIFUoXBbZfm575QfXQXjxB3mrq5w/ILtm9tKJRC7Y7s+:EFiKancUoXzmF5ICTmrh/ILtmeg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86e24182f9c064592862674346eb3c71_JaffaCakes118

Files

86e24182f9c064592862674346eb3c71_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a36209e0e4dd05a95c8d7a323c723dea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ord5856
ord5868
ord5878
ord5890
ord5914
ord5930
ord5940
ord5962
ord5978
ord5988
ord6000
ord6016
ord6034
ord6058
ord6076
ord6112
ord6138
ord6164
ord6184
ord6202
ord6222
ord6234
ord6262
ord6286
ord6308
ord6322
ord6346
ord6366
ord6380
ord6394
ord6418
ord6430
ord6440
ord6450
ord6482
ord6506
ord6516
ord6526
ord6540
ord6552
ord6574
ord6584
ord6614
ord6628
ord6638
ord6648
ord6658
ord6692
ord6720
ord6744

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECODE
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGERES
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 96B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a36209e0e4dd05a95c8d7a323c723dea

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 8B

PAGECODE Size: 32B - Virtual size: 8B

PAGERES Size: 32B - Virtual size: 3B

PAGE Size: 96B - Virtual size: 76B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 8B

PAGECODE
Size: 32B - Virtual size: 8B

PAGERES
Size: 32B - Virtual size: 3B

PAGE
Size: 96B - Virtual size: 76B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB