8e3f53eabc1611e2797db551e4db66f4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e3f53eabc1611e2797db551e4db66f4_JaffaCakes118
Size

87KB
MD5

8e3f53eabc1611e2797db551e4db66f4
SHA1

90c61d3dcc2e90c899dd120fdc833c9cc9f32474
SHA256

e8351e3454480c0e6c106fe1ab72e15a8ce8cef009b4d4e8c6f4171fb13094f7
SHA512

e88d8496c1eab795654351fbb0a82b53b32578c6f3d8a6401bd809c370b9f60817e22915822e0409cc925b869e84bcb858ef4960b1278ca110a02abffdc27302
SSDEEP

768:PWMlOqWvau0oxFUfEkTB6JTQuar9Jn6dNObYUP8btLD7DT7U3bkUVn:PWMlTyau0OUTEiuarTUAbYUOtLvM9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e3f53eabc1611e2797db551e4db66f4_JaffaCakes118

Files

8e3f53eabc1611e2797db551e4db66f4_JaffaCakes118
.exe windows:10 windows x86 arch:x86

e99403c059dfd8706a9df46354b25e77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdi32

BitBlt

user32

ord2513

msvcrt

free

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-synch-l1-1-0

SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-com-l1-1-0

CoCancelCall

api-ms-win-eventing-provider-l1-1-0

EventRegister

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-0

ResumeThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-registry-l1-1-0

RegCloseKey

sspicli

LsaLogonUser

crypt32

CertFreeCertificateContext

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-1-0

GetFileType

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

userenv

LoadUserProfileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

wmsgapi

WmsgSendMessage

ntdll

NtClose

amsi

AmsiUacScan

comctl32

ord345

msctfmonitor

InitLocalMsCtfMonitor

msimg32

AlphaBlend

winsta

WinStationQueryInformationW

wtsapi32

WTSFreeMemory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.MPRESS1
Size: 31KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e99403c059dfd8706a9df46354b25e77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

sspicli

crypt32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-sddl-l1-1-0

userenv

api-ms-win-core-synch-l1-2-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

wmsgapi

ntdll

amsi

comctl32

msctfmonitor

msimg32

winsta

wtsapi32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.MPRESS1 Size: 31KB - Virtual size: 152KB

.MPRESS2 Size: 6KB - Virtual size: 5KB

.rsrc Size: 49KB - Virtual size: 49KB

.MPRESS1
Size: 31KB - Virtual size: 152KB

.MPRESS2
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 49KB - Virtual size: 49KB