26290f46ce3123b41cfe204ebcb406a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26290f46ce3123b41cfe204ebcb406a2_JaffaCakes118
Size

30KB
MD5

26290f46ce3123b41cfe204ebcb406a2
SHA1

b9df576359dc9dbe111bf47a79a45e1cd816eaa0
SHA256

540dbbbe8ff0be7b0e6b5dace3b1dc8e13890e58f0af8dcf9ec29b921c4d43fc
SHA512

1ccaffcfbfcb7c91b9bdf61d43d1a3b46aa83a82951efeb59572d6fda4ad34c03e339667a43a4d42a9e12d3b83f72a2bb709091895563c7f19e98869b67780fb
SSDEEP

768:iIB+q/FM9ZcjvSxJfer5K4D3WQSRfiK63LDt1OX+N47DzJ:BB+a0crGfwK/R6iuN+J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26290f46ce3123b41cfe204ebcb406a2_JaffaCakes118

Files

26290f46ce3123b41cfe204ebcb406a2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3d0e49b527d593f8431b72d9e7f7e2b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-processthreads-l1-1-2

ExitProcess

api-ms-win-core-errorhandling-l1-1-1

GetLastError

api-ms-win-security-base-l1-2-0

CopySid

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

HeapFree

api-ms-win-core-synch-l1-2-0

Sleep

rpcrt4

UuidCreate

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook

ntdll

EtwTraceMessage

api-ms-win-core-file-l1-2-1

ReadFile

api-ms-win-core-kernel32-legacy-l1-1-1

BindIoCompletionCallback

Sections

.MPRESS1
Size: 22KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d0e49b527d593f8431b72d9e7f7e2b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-synch-l1-2-0

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

ntdll

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

Sections

.MPRESS1 Size: 22KB - Virtual size: 88KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.MPRESS1
Size: 22KB - Virtual size: 88KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB