bde5505094b7ed95e7714ab459f64d7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bde5505094b7ed95e7714ab459f64d7a_JaffaCakes118
Size

14KB
MD5

bde5505094b7ed95e7714ab459f64d7a
SHA1

3cea41d318cdccd38062a20df35869846bc878ca
SHA256

caa85b231efefbd1e739f6ebd686dbd75ab0e2aac4f69212e47d12e44c3ebe2c
SHA512

6a3c76111a75f3bd25f3f088f0767ce2933fcbbe2b46a37be5eed53cab39e03918640ab926e31d6f20a74e85e98d106c9297061b1faa401d79bc97b59eb4beb3
SSDEEP

192:/VD5iDRL1wVpBN5067EZ0vxx822/tAQS3/fnijgI5Wfy4ti9dBxy5mYpPWKSLWuk:PPpnEYx14zS3n+j4q9dPyEYpPWKSLWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde5505094b7ed95e7714ab459f64d7a_JaffaCakes118

Files

bde5505094b7ed95e7714ab459f64d7a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

40f8cb2108c01ab65fe0eda797066d33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

exit

ntdll

NtOpenFile

rpcrt4

NdrServerCall2

sspisrv

SspiSrvInitialize

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress

api-ms-win-core-localregistry-l1-1-0

RegCloseKey

api-ms-win-core-misc-l1-1-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0

ExitThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

SetEvent

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-security-base-l1-1-0

GetTokenInformation

Exports

Exports

LsaGetInterface
LsaRegisterExtension

Sections

.MPRESS1
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

40f8cb2108c01ab65fe0eda797066d33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

rpcrt4

sspisrv

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.MPRESS1 Size: 9KB - Virtual size: 32KB

.MPRESS2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.MPRESS1
Size: 9KB - Virtual size: 32KB

.MPRESS2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB