a75ab11e10a8dd39ffd1ce243feb61b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a75ab11e10a8dd39ffd1ce243feb61b8_JaffaCakes118
Size

21KB
MD5

a75ab11e10a8dd39ffd1ce243feb61b8
SHA1

a2e683a74419cca4908398743efe5855393709fa
SHA256

5df75396f4bf580d6dd4f73a3a3c8f4972892b87b4005114a18fdda99c77dae3
SHA512

a5c7b8f8689090362f1638ae7cac9136269f476df219fe20ed4124f4bb2b56ed14df671e06a04e82270eb18be038be2f4e13296162a51e1ed66e3687b5686372
SSDEEP

384:PwKHLsvixJJNQNjiZbp58XCYEd3u5chWq3D7vvxlLYpW9pbWeEA:PTLsviz3QtCbH8XCYhmhWq3D7D1nH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a75ab11e10a8dd39ffd1ce243feb61b8_JaffaCakes118

Files

a75ab11e10a8dd39ffd1ce243feb61b8_JaffaCakes118
.exe windows:10 windows x86 arch:x86

7e2d4306f0da3247d503a074ace95137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

api-ms-win-core-crt-l2-1-0

_initterm

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

memcpy

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapFree

api-ms-win-core-synch-l1-1-0

InitializeSRWLock

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerListen

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

GetLengthSid

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

TpSetWait

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.MPRESS1
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e2d4306f0da3247d503a074ace95137

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.MPRESS1 Size: 12KB - Virtual size: 48KB

.MPRESS2 Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.MPRESS1
Size: 12KB - Virtual size: 48KB

.MPRESS2
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB