d2b3dd66923dd9f5b12120611e8ef4f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2b3dd66923dd9f5b12120611e8ef4f0_JaffaCakes118
Size

16KB
MD5

d2b3dd66923dd9f5b12120611e8ef4f0
SHA1

4828ae06d754c270231ea3b19bb876dc3c4255b4
SHA256

76b9da26ebd40aedc71859e6e539d5c9ffed2679906a432a6200c717e8242cd2
SHA512

90449201f830a4b77a960cf52cd842b5ab13df214b614c7f6031e76cdc0e46bb7e365627addb8aae73d1b1ef78d2ff8c5438972cac9c9a1948bda1d788afeb22
SSDEEP

192:naT/3sDbd5V3mAPz3BlHAAqQZmrC56BHFplI/GGlWF+NDbYZcIJtW3B6ZUp:aT/3gPV3rP/AALsrxl8FXYZcIJtsQZU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2b3dd66923dd9f5b12120611e8ef4f0_JaffaCakes118

Files

d2b3dd66923dd9f5b12120611e8ef4f0_JaffaCakes118
.sys windows:4 windows x86 arch:x86

6b4a9ff929f12767b658c4b4ccc90e9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ord23496
ord23512
ord23530
ord23554
ord23568
ord23588
ord23608
ord23624
ord23652
ord23676
ord23704
ord23720
ord23738
ord23748
ord23776

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 410B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 832B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ