a6aae05278e62718b2758ba9861fa68c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6aae05278e62718b2758ba9861fa68c_JaffaCakes118
Size

6KB
MD5

a6aae05278e62718b2758ba9861fa68c
SHA1

551547e3d39eb406ddd5cd5f2758d5f9ad8d65d1
SHA256

7a687719ddd8d271f650a480145c5de4a9c37de04064adaf13bea26bee830b74
SHA512

f249960ef44c0e42f4c3fac311a143cf723155df0a29209c7ebaae32db58ac3af51a1d77308950fc34dff3698b4433662f9a43f1d17489da0729fd1fedcc5600
SSDEEP

96:4Ony+sbAO4OuIojX/fJ+6Jkdwxxd9z5MLwPAoAIwQ+Q/Knv18S:aRbAO4pHX/x+6CdwxvALsAo5wy/K9L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6aae05278e62718b2758ba9861fa68c_JaffaCakes118

Files

a6aae05278e62718b2758ba9861fa68c_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a68650e01632e16838ff401f46eece2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmSystemRangeStart
MmGetSystemRoutineAddress
ExAllocatePool

Sections

init
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 160B - Virtual size: 138B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ