b02d39f23da432a2dd65973c0b0e18de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b02d39f23da432a2dd65973c0b0e18de_JaffaCakes118
Size

2KB
MD5

b02d39f23da432a2dd65973c0b0e18de
SHA1

20cb8ce08d561f9fcacb8ad0f44f7748b9736239
SHA256

3e41d2f65d9fb0b333991286a627035c2e3ce7b61b0ef38610dcedf056cbd039
SHA512

6aedd818cc05e54efae435eb50d7300b5cfcf0d871a818240c5a8d6b8b6f18dd1bdf5e5c425f471ef737ab934bf298174a2a4a42f6a775b45c6166ffe52d884b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b02d39f23da432a2dd65973c0b0e18de_JaffaCakes118

Files

b02d39f23da432a2dd65973c0b0e18de_JaffaCakes118
.sys windows:4 windows x86 arch:x86

9b2d43b2bc8660bbb6136ac3dcdb3e83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
ExFreePool
KeInitializeDpc
KeInsertQueueDpc
_wcsnicmp
NtBuildNumber
KeServiceDescriptorTable
KeNumberProcessors

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ