951001425d6a20ee87e53b363d2d73d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

951001425d6a20ee87e53b363d2d73d2_JaffaCakes118
Size

45KB
MD5

951001425d6a20ee87e53b363d2d73d2
SHA1

9c2b3d2c5bd70c4d2b9b4caebb183753e25862f5
SHA256

cae750c93a4eb57ce366c0be59f99de01eaedc4b07cf5f81441e3d364fb9f591
SHA512

68a9b68c2ce45d76f4682f56c5d702d5071cb71ebe664916c763fff71acf6849a9a7c81081bfa8d906ded72cfb5b787bbf655ceb8316935759a3a149a0ec5bbf
SSDEEP

768:QubYgOSeW7Unml2m6i42xPjZNOt7H/26sj60QL5v559c+aUFR4H/x08yKMS:fAW7Ulmz42zOVu6uE6W+H/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
951001425d6a20ee87e53b363d2d73d2_JaffaCakes118

Files

951001425d6a20ee87e53b363d2d73d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

514f6a82441c6d2f68062e8b93096037

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

??2@YAPAXI@Z

advapi32

RegQueryValueExA

Exports

Exports

NvSetUp

Sections

.text
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE