bf5bb397774b9cf8d6b78d1b1c761eb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf5bb397774b9cf8d6b78d1b1c761eb3_JaffaCakes118
Size

44KB
MD5

bf5bb397774b9cf8d6b78d1b1c761eb3
SHA1

b4b65f74c4cbe5243bca176da3cc8ef3a8000a46
SHA256

e6775e1d4a883334ef077e96cd11911c57eaab8f1bfab4cca8ca7c9cc73cbfea
SHA512

74b2cf3059a1d2237dc104c8bd33b04e2f2c729cc30c197595a61cffe7efda168b3ed2765e21863c63ea97c45c587bdda09c7e969ddfb71ed8542a892268592e
SSDEEP

768:Mo52Ney8fD8Bq+xhsW+OcxMYE5nWWW/DR6QQygilkdDsHKMToU4+QQ9qCIv+:M62NnSh+xZPWWW/N2xsZqeoU4+pIv+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5bb397774b9cf8d6b78d1b1c761eb3_JaffaCakes118

Files

bf5bb397774b9cf8d6b78d1b1c761eb3_JaffaCakes118
.sys windows:4 windows x86 arch:x86

0a7c08f85250d9ae8baee4691bd2f1b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ord38804
ord38818
ord38842
ord38866
ord38876
ord38892
ord38902
ord38920
ord38932
ord38952
ord38962
ord38972
ord38984
ord38998
ord39010
ord39034
ord39044
ord39056
ord39076
ord39098
ord39108
ord39130
ord39144
ord39154
ord39164
ord39196
ord39220
ord39248
ord39262
ord39286
ord39302
ord39328
ord39348
ord39364
ord39376
ord39402
ord39430
ord39454
ord39490
ord39502
ord39512
ord39522
ord39556
ord39570
ord39594
ord39612
ord39636
ord39654
ord39684
ord39694

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 96B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWMI
Size: 32B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDRV
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESYS
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEALL
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECODE
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGERES
Size: 32B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a7c08f85250d9ae8baee4691bd2f1b1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 96B - Virtual size: 67B

PAGEWMI Size: 32B - Virtual size: 10B

PAGEDRV Size: 32B - Virtual size: 8B

PAGESYS Size: 32B - Virtual size: 8B

PAGEALL Size: 32B - Virtual size: 8B

PAGEDATA Size: 32B - Virtual size: 8B

PAGECODE Size: 32B - Virtual size: 8B

PAGERES Size: 32B - Virtual size: 3B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 96B - Virtual size: 67B

PAGEWMI
Size: 32B - Virtual size: 10B

PAGEDRV
Size: 32B - Virtual size: 8B

PAGESYS
Size: 32B - Virtual size: 8B

PAGEALL
Size: 32B - Virtual size: 8B

PAGEDATA
Size: 32B - Virtual size: 8B

PAGECODE
Size: 32B - Virtual size: 8B

PAGERES
Size: 32B - Virtual size: 3B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB