Static task
static1
General
Target
fbf6b7ec3f4ca95ca6446053e9eeb9f1_JaffaCakes118
Size
36KB
MD5
fbf6b7ec3f4ca95ca6446053e9eeb9f1
SHA1
7610eb4ff8daaeeeedf82a3e12c9fceaa88776c5
SHA256
5772f726f78cd43dd151bc2d0c422c6c5f81660865033f5f92aedaaef10a38c4
SHA512
04469f730f9119f1646ff6725e6b4862ecf4043979253fce78322015fa50c984e4452a9d77e6e229d764dbe04fa8429e21555edf8b9d7cca4f895455fda606f6
SSDEEP
768:G64MNpzkbQmRZNGsd5ZT/jmvBr9lo60gaJWiIpdP:G640eZN34YgiCd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fbf6b7ec3f4ca95ca6446053e9eeb9f1_JaffaCakes118
Files
fbf6b7ec3f4ca95ca6446053e9eeb9f1_JaffaCakes118.sys windows:4 windows x86 arch:x86
5ad7f28b5b305ca8e8bfab95f9db58c8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
hal
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ