c1fc0359aebfcaa98ce92932c3c7d845_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1fc0359aebfcaa98ce92932c3c7d845_JaffaCakes118
Size

243KB
MD5

c1fc0359aebfcaa98ce92932c3c7d845
SHA1

994aac0aeae8145316514e8d77679bfdafb0bdd6
SHA256

95cafad41ed9b9f55fa1d7f877e189364c1a9eaab7a8c0756b77f874c65f0fee
SHA512

cc630cc3997b7fea901c51b90f51e69fd9cd286305be157b3ecdcc216ce0fd24f89be97fd39713f433592caf2f7a785bd507cfd8b33f1192c861b70a2712e598
SSDEEP

3072:ycFVOHOMVZ44D1XlTuyrt4XQcrjeBF+qNlmlr7jCeYObQ2OEhPkwncHSDAuMM6e:LpMVzD11hteQIiC72lqO0XcHSUu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1fc0359aebfcaa98ce92932c3c7d845_JaffaCakes118

Files

c1fc0359aebfcaa98ce92932c3c7d845_JaffaCakes118
.sys windows:5 windows x86 arch:x86

23116e19ae26526ee50422965376e81b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
KeDelayExecutionThread
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
memset
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 128B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 306B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ