3f1ec65bbad4e717da19c4e1aa3be9d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f1ec65bbad4e717da19c4e1aa3be9d9_JaffaCakes118
Size

6KB
MD5

3f1ec65bbad4e717da19c4e1aa3be9d9
SHA1

7a0cb0888cd2412b26881a73f941988d2719c723
SHA256

11e14ff723464e6a88a9e63a50349dc37a06b04528d7b24f2a36aea59fb27feb
SHA512

cbf813d58e87be07e58be4b3ba3a70c6537c1e5ed3fdfabab386ef3b12000a1c235244b2c026cc7dda70f6e79f96ed87ea4f2688f2aae8cddf56c76ce7f7738d
SSDEEP

192:fNjagS7ykKyeyjOvrH3ERC4s6UO+iKItLDB:fNja7ykK/vgSWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f1ec65bbad4e717da19c4e1aa3be9d9_JaffaCakes118

Files

3f1ec65bbad4e717da19c4e1aa3be9d9_JaffaCakes118
.sys windows:4 windows x86 arch:x86

c646350bf00d1a392fbafe56206af0c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
KdEnableDebugger

Sections

init
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ