75d258d0c7fc741ef7664461240689b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75d258d0c7fc741ef7664461240689b2_JaffaCakes118
Size

14KB
MD5

75d258d0c7fc741ef7664461240689b2
SHA1

c5033e79e20482bc195e182593618f98b74f2e71
SHA256

a6321f4acc88c6df1b85ec0ba02946e6bf9eb3817a06609e375d776c791e17de
SHA512

d89911f38e1461e49e2b8eff8de4dc1c9bf26f827ea9e3a75a007994d97dc7fe63f9a8a7c2371d00a422360e553652fb58ffe5b85d44135ac98bcb64acb08511
SSDEEP

384:TIUJFErB1upEVfBemiriRn5YpvWrjLHWH:TFUBPemiGn5bLe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75d258d0c7fc741ef7664461240689b2_JaffaCakes118

Files

75d258d0c7fc741ef7664461240689b2_JaffaCakes118
.exe windows:10 windows x86 arch:x86

4367bf3cacf22f13d0707e1152405dab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

ntdll

RtlImageNtHeader

api-ms-win-core-com-l1-1-0

CoInitializeEx

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-heap-l1-1-0

HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-processthreads-l1-1-0

CreateProcessW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-file-l1-1-0

ReadFile

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-misc-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-memory-l1-1-0

VirtualQuery

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.MPRESS1
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4367bf3cacf22f13d0707e1152405dab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.MPRESS1 Size: 8KB - Virtual size: 32KB

.MPRESS2 Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.MPRESS1
Size: 8KB - Virtual size: 32KB

.MPRESS2
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB