b1ff58e024bb891cd6dee30d0f0e3ec5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1ff58e024bb891cd6dee30d0f0e3ec5_JaffaCakes118
Size

68KB
MD5

b1ff58e024bb891cd6dee30d0f0e3ec5
SHA1

0c19ea7d4e16335ae3671fd0fab71987c3ada4b5
SHA256

475f02446e29f1b48a8b11fb8969fa50bd97b1a6b07547e4be57e9e61f8738f0
SHA512

464d5cbd10d2dcf0c472802e4d262a277a601a992eca18968689fad24559933921a9ef238f2d2a5fc78164c65cc8d497c0b11bd072c8d1c36062e32e7de99186
SSDEEP

1536:fqM1mmHrBWWwFjcXy/kjmwGSRSLV6IDgw9Mn51sJ:p11rBAjyy/jI6gf6c5OJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1ff58e024bb891cd6dee30d0f0e3ec5_JaffaCakes118

Files

b1ff58e024bb891cd6dee30d0f0e3ec5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cfa615b1f31a1f74d722c30b1ec5c475

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

PathFileExistsA

setupapi

CM_Locate_DevNodeA

advapi32

RegCloseKey

newdev

DiUninstallDevice

Sections

.MPRESS1
Size: 62KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE