Static task
static1
General
Target: fb4d87a286404394411a1661f7860194_JaffaCakes118
Size: 30KB
MD5: fb4d87a286404394411a1661f7860194
SHA1: 9c7d036b28373f8036429365b2e6f9316a86dbc6
SHA256: 02be78a73af935854de5fc39c5b02971d4cbc7fb18a23df1daa14d02e2b130c1
SHA512: fe98db4d558821a9fca988f10ec856601df7030fad548f252cdc8a5406933a8964f8b6465eb221756c624cdb351593b2f265a3a5d951f494fc8bca8732a6a7ca
SSDEEP: 768:pLtlNQ+7MvYzzJ6vmpRYzzxozZBpb8l/SB0cyVOFE/o4CHr4zmzzzNxz6zy:R1Q+3TpRLBpb8ZSeZoFT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fb4d87a286404394411a1661f7860194_JaffaCakes118
Files
fb4d87a286404394411a1661f7860194_JaffaCakes118.sys windows:4 windows x86 arch:x86
caed740047327835987440169debea21
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 35B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 96B - Virtual size: 86B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ