80ddfcad28387b81f1b007e9075a0c63_JaffaCakes118 | Triage

Sharing

General

Target

80ddfcad28387b81f1b007e9075a0c63_JaffaCakes118
Size

40KB
MD5

80ddfcad28387b81f1b007e9075a0c63
SHA1

964185cac202e058679499acaea86eb78269b7a6
SHA256

c068df71ac75d70d473a32b360302ada7c12ae29596e1b218c907498bb8a08c4
SHA512

a16c0e84139ce6ca621c0f8b17050571fdd3d9b3aa693f56f07322af78fb3f679db97a28fce2842fbeb3ee84e46832298138a714f7975dea90cd9425e9f06302
SSDEEP

768:hAsRm+6+Y5QgWkprfNfnC9xRGdexA4BPjDmXjO4vj5FVDeZeG7D4Dw:hA3agWkp1ExRtZWXjDvj5qeBDw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80ddfcad28387b81f1b007e9075a0c63_JaffaCakes118

Files

80ddfcad28387b81f1b007e9075a0c63_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d0f71823419f35049be616dc60dd45e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

TraceEvent

msvcrt

free

ole32

CoTaskMemFree

rpcrt4

NdrServerCall2

mmdevapi

CleanupDeviceAPI

user32

UnregisterClassA

ntdll

NtClose

Sections

.MPRESS1
Size: 33KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE