3ad35e7dd2d8f0b6021a116075a51123_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ad35e7dd2d8f0b6021a116075a51123_JaffaCakes118
Size

111KB
MD5

3ad35e7dd2d8f0b6021a116075a51123
SHA1

6d408a354c78c51c611e9ea7e1875b5139580112
SHA256

888991fdb8659760b8745d3eb01d4222b74f3205a44b9304a64c1d699152d367
SHA512

10b9989803e24db659f5667993cbe7f89778f8549c11f5ea9958042d6de1fe1e4343d45a0bc8f8a38590f18d126c75b60977929af6e67d70b823dcf0ff940391
SSDEEP

1536:Vm6+eNbHRVfTOG1FOj6AyEg4l0mwOJFhom1dfQBA:Ve6xVfTyj0Eg4lLwOpomrsA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ad35e7dd2d8f0b6021a116075a51123_JaffaCakes118

Files

3ad35e7dd2d8f0b6021a116075a51123_JaffaCakes118
.exe windows:5 windows x86 arch:x86

71eca607aa64119cecf9f2ab015ea0ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

CommandLineToArgvW

user32

ShowWindow

shlwapi

StrCmpW

msi

ord90

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.MPRESS1
Size: 24KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE