2a8991a91a64c9536931e1fce93e4ab8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a8991a91a64c9536931e1fce93e4ab8_JaffaCakes118
Size

86KB
MD5

2a8991a91a64c9536931e1fce93e4ab8
SHA1

c5f16bc9c66441fa654e251126a8bf59c8df3cbb
SHA256

5b278a9b2491454707a20044a17b720143f2e2c4d45f1d5c4a236a25faf8c713
SHA512

4a1f475ccc5bedd67b01056b11555c836aae3dcd118c900a2c1650215f48dd8762b06604780612d231813ffd3abbc69d900d75685f2be39795335a8269ff30e1
SSDEEP

768:keI0KbPUMQBUagVVab61zntxSxsxi+ox8M4+hegHPRZczEDgHLR37DRrUHb0UlD:OPm8Vm61PSZ+q4+NvRZczEsrRhcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a8991a91a64c9536931e1fce93e4ab8_JaffaCakes118

Files

2a8991a91a64c9536931e1fce93e4ab8_JaffaCakes118
.exe windows:10 windows x86 arch:x86

9213c60bafda24bee5bab583165db8c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdi32

PatBlt

user32

ord2513

msvcrt

free

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l1-2-0

HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetLastError

api-ms-win-core-com-l1-1-1

CoCancelCall

api-ms-win-eventing-provider-l1-1-0

EventRegister

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-2

QueueUserAPC

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

RevertToSelf

api-ms-win-core-registry-l1-1-0

RegCloseKey

sspicli

LsaLogonUser

crypt32

CertFreeCertificateContext

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-2-1

GetFileType

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

userenv

LoadUserProfileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-memory-l1-1-2

CreateFileMappingW

api-ms-win-core-sysinfo-l1-2-1

GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-1

GetStartupInfoA

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

wmsgapi

WmsgSendMessage

ntdll

NtClose

amsi

AmsiUacScan

comctl32

ord345

msctfmonitor

InitLocalMsCtfMonitor

msimg32

AlphaBlend

winsta

WinStationQueryInformationW

wtsapi32

WTSFreeMemory

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook

Sections

.MPRESS1
Size: 30KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9213c60bafda24bee5bab583165db8c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

sspicli

crypt32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-sddl-l1-1-0

userenv

api-ms-win-core-synch-l1-2-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-memory-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

wmsgapi

ntdll

amsi

comctl32

msctfmonitor

msimg32

winsta

wtsapi32

api-ms-win-core-delayload-l1-1-1

Sections

.MPRESS1 Size: 30KB - Virtual size: 148KB

.MPRESS2 Size: 6KB - Virtual size: 5KB

.rsrc Size: 49KB - Virtual size: 49KB

.MPRESS1
Size: 30KB - Virtual size: 148KB

.MPRESS2
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 49KB - Virtual size: 49KB