b63e3089a89849888443d1e52634a49d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b63e3089a89849888443d1e52634a49d_JaffaCakes118
Size

6KB
MD5

b63e3089a89849888443d1e52634a49d
SHA1

37212223d65b793308679f7c1f3ae96404c46b8f
SHA256

c20c487f10443426a12bed09d6dc5682f68f49d37133d04eb354a48b5fd0c783
SHA512

9aa388d9f3a2e9ba2254286945cbb1123f0c72349dd8875897141082de44d5b2a8b885764936939300278fea9da04396b989a16b48aa910d63082d4092cd38b4
SSDEEP

192:YaJkTnRZSYLAR+v0IbiUsSunqbWhOGbwLU0C:Ya2lYZR+v0IGUknqAic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b63e3089a89849888443d1e52634a49d_JaffaCakes118

Files

b63e3089a89849888443d1e52634a49d_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c646350bf00d1a392fbafe56206af0c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
KdEnableDebugger

Sections

init
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ