Static task
static1
General
-
Target
b950ac32da28b68413de6161fcb8b25f_JaffaCakes118
-
Size
76KB
-
MD5
b950ac32da28b68413de6161fcb8b25f
-
SHA1
a45a6ccf277300b3d0427dd7a4ff147d4446000f
-
SHA256
61ff1d9f358679727cf2f4d977b6da66ebace79e0d10e05f75cc64e2275057e9
-
SHA512
a1644ad30ab3bff25a377824e8656cf43331eaf0c35635fa13a881985377daf0bbb1dd335ee0d47148b43fe3ccc166636eda5a685da9b40b75caf343b5cd1cad
-
SSDEEP
1536:tRZ40U2am5J03er9cZlk5G9ip1YQgYRsM+t1nx:DdB5cZ4cQg4z+t1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
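Flags PE files that carry no Authenticode signature; this sample is unsigned. Without a signature the file cannot be tied to a publisher, so treat this as a triage indicator rather than a verdict.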
resource b950ac32da28b68413de6161fcb8b25f_JaffaCakes118
Files
-
b950ac32da28b68413de6161fcb8b25f_JaffaCakes118.sys windows:4 windows x86 arch:x86
e741f532f6bfe10d59b857a5e588418e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExInitializeZone
RtlAppendUnicodeToString
InterlockedExchangeAdd
RtlEqualUnicodeString
RtlCompareMemory
KeQuerySystemTime
IoWMIWriteEvent
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ