913ece31b3d602ded254186cbaa1f5b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

913ece31b3d602ded254186cbaa1f5b7_JaffaCakes118
Size

24KB
MD5

913ece31b3d602ded254186cbaa1f5b7
SHA1

2c9186f04d223432a854932de0b2210f1f40da4b
SHA256

2c0254ba64815f5605b692e04ca0bba9b066ebdb7d2ba98952e86819413b8157
SHA512

5132ec9162bfabece8f42c4acc215926355fb5b6ee6f3c68af0f902b35c5eab45eea27317a10a50ee5ea5522d49494c55b303caa8c235c54d432b1740e0cfebc
SSDEEP

384:F5P7Zj0/qLvbCLIH8WrM259IU860SPOxT546/ueZWqqkYDMyC7vvxlLFW6nWp:jZj0/78cNbUr0SPOxT5dLZH77DX0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
913ece31b3d602ded254186cbaa1f5b7_JaffaCakes118

Files

913ece31b3d602ded254186cbaa1f5b7_JaffaCakes118
.exe windows:10 windows x86 arch:x86

eb3fce250af2340bff265ff1c5e7ba80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

msvcp_win

?_Xlength_error@std@@YAXPBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

wcschr

api-ms-win-core-com-l1-1-0

CoInitializeEx

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

bcp47langs

Bcp47GetMuiForm

ntdll

WinSqmSetDWORD

appxdeploymentclient

ord34

Sections

.MPRESS1
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb3fce250af2340bff265ff1c5e7ba80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

bcp47langs

ntdll

appxdeploymentclient

Sections

.MPRESS1 Size: 16KB - Virtual size: 56KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.MPRESS1
Size: 16KB - Virtual size: 56KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB