General
- Target: JaffaCakes118_f6d638db922159782749568d4c2bb9c0
- Size: 193KB
- MD5: f6d638db922159782749568d4c2bb9c0
- SHA1: 3c06a4637ef067f30923321ac7e8990231c11994
- SHA256: 56a9f2a23f8148d2b5cfc02b15e6d75d36eb19ed891bbfeaadc59075a95bba55
- SHA512: 5c541dbd636be6b761cbd2c04bd2eaaab0acfc39f620f2f41bf2aeea5edf7d32b64ee1ee44f51527a9bb3ead429c3202f30044e389607088c4f5f708507a894f
- SSDEEP: 3072:8r85C1iTOZQvfSERdX9Zk8AtB+flovvC/Y6V6z5jmVZklFYCFQCexxlG3/Nu+4Uy:09kjRsB+Rccx9
Score: 10/10
Malware Config
Signatures
- Detect Neshta payload (1 IoCs)
  resource yara_rule sample family_neshta
- Neshta family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource JaffaCakes118_f6d638db922159782749568d4c2bb9c0
Files
- JaffaCakes118_f6d638db922159782749568d4c2bb9c0.sys windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 64B - Virtual size: 5B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ