e16c64a5524b9df8928cb85a546602b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e16c64a5524b9df8928cb85a546602b8_JaffaCakes118
Size

8KB
MD5

e16c64a5524b9df8928cb85a546602b8
SHA1

9eaacc428c2fd87281ceb11debf1875a1d82e1c1
SHA256

0056fb4aa914c7d2e46775a9008a154fbc6eba9335f3ff4fae8ba08c5e8db3b9
SHA512

3fd35dfc619711e19326b5d5304f0b8e3d2e7246d231f7842a5015039084f06e8fe674893715ea039d4d0618d042b22a014278418c84c5a4c6c256c89c904e85
SSDEEP

192:adaNLXicgrdwjxNFuoTsrI2758jwyiwK+CHCtcEznytgJ+0:+eTZKqjfkZr7ICHEnytgp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bladepwd.exe

Files

e16c64a5524b9df8928cb85a546602b8_JaffaCakes118
.zip
bladepwd.c
bladepwd.exe
.exe windows:4 windows x86 arch:x86

1f5128916b4d62cf04712b39bfdca5b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
exit
fclose
fgetc
floor
fopen
fread
free
fwrite
malloc
memcpy
memset
perror
printf
setbuf
signal
strlen
tolower

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rotor.c