6a4d094fd8f46b757e4a732c317e85e6_JaffaCakes118 | Triage

Sharing

General

Target

6a4d094fd8f46b757e4a732c317e85e6_JaffaCakes118
Size

33KB
MD5

6a4d094fd8f46b757e4a732c317e85e6
SHA1

ca7e5ec61c8c3df27378529e37c5ff34e9128407
SHA256

a81166c5d04f755abd2de97f21308a74fea0f0b39521d506be3081c3a697ae7a
SHA512

b2370c6e52897d9e8186943381fd89e3a2a76c3096ecb6a3c32750624c30e67982a9fbf7e65e58bd79d558850f1e584055fd572ade29e44e36fd2e475f8638b0
SSDEEP

384:fnPNEZ8jqab/iCeEBYpZB+JL2XDOI/EMgS81UfWWmHW:XNE6ib4YWmDOKO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a4d094fd8f46b757e4a732c317e85e6_JaffaCakes118

Files

6a4d094fd8f46b757e4a732c317e85e6_JaffaCakes118
.exe windows:10 windows x86 arch:x86

e567fc5ef666725c46a2bcf9c7cfa428

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

advapi32

RegCloseKey

devobj

DevObjGetClassDevs

Sections

.MPRESS1
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 961B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE