8d2dd3185f3e02b82f9abce2158fb82a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d2dd3185f3e02b82f9abce2158fb82a_JaffaCakes118
Size

251KB
MD5

8d2dd3185f3e02b82f9abce2158fb82a
SHA1

59a53172012cdb5b89174123f5a82cfe8175f640
SHA256

7ccab6f3b07ecc910ea2404e40a1229621774bcdf68115660624eca1be41a9c8
SHA512

a951fb09efdc9ca4d0e7b1f327893eb96ad4d16bd57bfdba989655867290da06ca03e2df55ac80c5149c75ff5d51096d899af0ea61c946180b50bbbc563a901c
SSDEEP

6144:rU71hyxlC++QcpyV8Bd0Wc6MoWifI4WrVSA8fWrWJsVlIo:g71JpxBKWrIzqyn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d2dd3185f3e02b82f9abce2158fb82a_JaffaCakes118

Files

8d2dd3185f3e02b82f9abce2158fb82a_JaffaCakes118
.exe windows:10 windows x86 arch:x86

096cf014a20e64d3571013f30ec767c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

gdi32

LineTo

user32

GetDC

mfc42u

ord4279

msvcrt

exit

shlwapi

ord628

oleaut32

VarR8FromDec

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

rpcrt4

UuidCreate

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

CreateMutexW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

CreateThread

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-eventing-provider-l1-1-0

EventSetInformation

comctl32

ord381

comdlg32

GetFileTitleW

ntdll

WinSqmEndSession

ole32

CoInitialize

propsys

PropVariantToUInt32

shell32

ord155

winmm

timeGetTime

Sections

.MPRESS1
Size: 241KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

096cf014a20e64d3571013f30ec767c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

mfc42u

msvcrt

shlwapi

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

rpcrt4

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-localization-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-eventing-provider-l1-1-0

comctl32

comdlg32

ntdll

ole32

propsys

shell32

winmm

Sections

.MPRESS1 Size: 241KB - Virtual size: 740KB

.MPRESS2 Size: 6KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.MPRESS1
Size: 241KB - Virtual size: 740KB

.MPRESS2
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB