c251e26e9dea0ef15eaf10a8ee723114_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c251e26e9dea0ef15eaf10a8ee723114_JaffaCakes118
Size

41KB
MD5

c251e26e9dea0ef15eaf10a8ee723114
SHA1

668f0fe5b8a0cd757b9f09063949081f8856072d
SHA256

d127e9968d8f93dc04e0d836231599897cb3f8a4eb692f5c06c16f0c07ddb0ed
SHA512

02ec227e0c0361668144e28a8f207f555ed5cf40183690148f650eb2bbcfacd8e47a77ad08a52d0599de94c69c3958caa3740da5f1f79c372f02d3858acdad41
SSDEEP

768:lbG6piESdOihDHF/uRHruqi4GnKEQEet95uV5NrH6N7Ug6wGMYYzMbj+:lbG6yd9LBuRLuqqK3Ee/5CXrH6N75jGK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c251e26e9dea0ef15eaf10a8ee723114_JaffaCakes118

Files

c251e26e9dea0ef15eaf10a8ee723114_JaffaCakes118
.sys windows:5 windows x86 arch:x86

8b23d83ec135876dfb9c2f385a9e9392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlLengthSecurityDescriptor
RtlStringFromGUID
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExUuidCreate

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ