c8c469bf1d66edd3d4caec282e571c83_JaffaCakes118 | Triage

Sharing

General

Target

c8c469bf1d66edd3d4caec282e571c83_JaffaCakes118
Size

664KB
MD5

c8c469bf1d66edd3d4caec282e571c83
SHA1

192adba57f3c8a84e1a694e68d567ec6039f816a
SHA256

497685668773a12dcd7ae20c0aeaee4ab756b2c052fb3da592de0a78535c10a8
SHA512

a876c0ab61823c6534d3f9de7f6efbe9d7eb7a5ae67b8707ec52d25779be83b2cb941c855c5b89d20e22d15098df63e35f6fc9b065b207c5b2cff10c2d027660
SSDEEP

12288:UobXMI6UmqQWtnKooEdHR8wOu61w9dGOLoGePw++qpkHCATJvODvT9UIV:UKcUmqQWhfZGO0p/+zHCATArTj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8c469bf1d66edd3d4caec282e571c83_JaffaCakes118

Files

c8c469bf1d66edd3d4caec282e571c83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitSecurityInterfaceW
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
c
f
o
s

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.newIID
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE