bb5c0e62ebe2249ec9bd568aba747306_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb5c0e62ebe2249ec9bd568aba747306_JaffaCakes118
Size

5KB
MD5

bb5c0e62ebe2249ec9bd568aba747306
SHA1

b586908139ac72dd19973ec42a5c61340d138c75
SHA256

d6e17a2a6870294a739eb655414cdd3a763459101a461f7160085b2ce46a7db6
SHA512

8e6b13c7bea10ce26d94eb11771cf924418198dc1b75f8b0503ff86fbe8d1f1c642573088cacf8ba44db9a79b129d297047c1c97fa867bd7bcde029085707d1f
SSDEEP

96:zsdWmC+T7u7x/gl5fT9VnC7pUd1Kc2M/vN5UQx3rtOWtfDfsKhUkjkuT18SdIqvj:4saTC7x/gVpRC72d5dvNeSt9mklpL6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb5c0e62ebe2249ec9bd568aba747306_JaffaCakes118

Files

bb5c0e62ebe2249ec9bd568aba747306_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c646350bf00d1a392fbafe56206af0c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
KdEnableDebugger

Sections

init
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ