b924a827e0dbf0906eef36aabce89912_JaffaCakes118

General

Target

b924a827e0dbf0906eef36aabce89912_JaffaCakes118
Size

56KB
MD5

b924a827e0dbf0906eef36aabce89912
SHA1

1742ca2188a0816cac9a60fccfcce2159a1f30ca
SHA256

4afe4cbf0650b9f4ee8c1d5c10b66a7a5cef1a9c87e1449eacd13740106b75f7
SHA512

be1abb17d0daf970e0be83a54f7105ca933f267bae38d1a57f7ec76debb785633d6c741f98952a4ffa7a219286b6694b4a79cd5df06846f176755f0a13ccd911
SSDEEP

1536:ftSDB1/kTXlQh4EgRbY19mHlnVaB2GndX7ebV353eGHLF:Fk1/KlQMVY1sFVaMW+V35pHLF

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lunatic NoMenu/Injector.dll
unpack001/Lunatic NoMenu/Injector.exe

Files

b924a827e0dbf0906eef36aabce89912_JaffaCakes118
.rar
Lunatic NoMenu/Injector.dll
.dll windows:5 windows x86 arch:x86

67a6a4570f06190af0ad806d7fdc330d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetAsyncKeyState

msvcr100d

_lock

Sections

.MPRESS1
Size: 7KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Lunatic NoMenu/Injector.exe
.exe windows:5 windows x86 arch:x86

4fb58bd54e61148e45bdffaff8ee72e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndDialog

Sections

.MPRESS1
Size: 24KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Lunatic NoMenu/READ ME.txt

Sharing

General

Malware Config

Signatures

Files

67a6a4570f06190af0ad806d7fdc330d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr100d

Sections

.MPRESS1 Size: 7KB - Virtual size: 104KB

.MPRESS2 Size: 1024B - Virtual size: 920B

.rsrc Size: 512B - Virtual size: 496B

4fb58bd54e61148e45bdffaff8ee72e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.MPRESS1 Size: 24KB - Virtual size: 228KB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 93KB - Virtual size: 92KB

.MPRESS1
Size: 7KB - Virtual size: 104KB

.MPRESS2
Size: 1024B - Virtual size: 920B

.rsrc
Size: 512B - Virtual size: 496B

.MPRESS1
Size: 24KB - Virtual size: 228KB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 93KB - Virtual size: 92KB