7d0fb545d38921990aa0a7722d40f8d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d0fb545d38921990aa0a7722d40f8d0_JaffaCakes118
Size

26KB
MD5

7d0fb545d38921990aa0a7722d40f8d0
SHA1

4ddd35ae7da427af745a3a1422ae516eda4bd6b3
SHA256

0aa6f562424cae9b2f35671e91e789105141faa470026e5f342ca726bff2b393
SHA512

76addae1c6f320ae4caa963d6dec44d23df9ac794091a8f0a5fdf22c46f11cead5881acf0f548536b60c9ce1137a70a2bd1edbc61a68d279b5f7a69e78b5bc31
SSDEEP

768:uWNm/KqoeBe7yGTvE1OFejjhJ6izrm7DyN:ugpc87VvnejVJbnN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d0fb545d38921990aa0a7722d40f8d0_JaffaCakes118

Files

7d0fb545d38921990aa0a7722d40f8d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7778feafe1611b98151c335032a13b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

setupapi

SetupDiOpenDeviceInterfaceA

xerces-c_1_1

??1DOM_Node@@QAE@XZ

rpcrt4

UuidHash

ncmapi

NCM_Dealloc

user32

GetMessageA

advapi32

RegCloseKey

ole32

CoInitialize

oleaut32

SysFreeString

pnpapi

?InitNotify@CPnPApi@@QAE_NXZ

msvcr80

exit

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.MPRESS1
Size: 20KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE