e256533e221ddd134658b3a086f69ea2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e256533e221ddd134658b3a086f69ea2_JaffaCakes118
Size

41KB
MD5

e256533e221ddd134658b3a086f69ea2
SHA1

2979dded96f33ddde821d0a87827d9a3aad694ed
SHA256

ec437abfd91a6930a44b758a6f5f5c41792322bc7521661072d074def48148e6
SHA512

52d21409a90fb4abb0a3115cd4988e1cb739595d9eb39d85528494f5a77374525d552cc3e620e17dc2a1d948808a72d5a6121b822cf1c48d2b56f9936ac204f5
SSDEEP

768:sqc/lU5rGL9tH7MB8gdLZvyaaeqiUclf/prUjW0w18KfcKhuQxZTeV2:sf/+5rajHYB8gdLZpx5Rlf/5gtw1EKH7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e256533e221ddd134658b3a086f69ea2_JaffaCakes118

Files

e256533e221ddd134658b3a086f69ea2_JaffaCakes118
.exe windows:10 windows x86 arch:x86

391a32af292d40fbf2887a97cbd04883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lpkinstall.pdb

Imports

user32

TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

msvcrt

_onexit
??0exception@@QAE@ABQBDH@Z
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_callnewh
malloc
??1type_info@@UAE@XZ
_purecall
memmove
__CxxFrameHandler3
??3@YAXPAX@Z
_initterm
__setusermatherr
memcpy
__p__fmode
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_cexit
_except_handler4_common
_controlfp
free
abort
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_CxxThrowException
_XcptFilter

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
SetEvent
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString
SysAllocString
VariantInit

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

NtGetMUIRegistryInfo

ole32

CoInitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

391a32af292d40fbf2887a97cbd04883

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

ole32

api-ms-win-core-util-l1-1-0

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 30KB

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 30KB