ceacfd2067fcfec97fb841eefd3ae0bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ceacfd2067fcfec97fb841eefd3ae0bd_JaffaCakes118
Size

1.5MB
MD5

ceacfd2067fcfec97fb841eefd3ae0bd
SHA1

742af97837c10f40c40f2d8f52831fc8d6af8aec
SHA256

a517ccf6767c251bc9cde93ce06e849747bb3e9faa2ed1153e9c46f39c1831f8
SHA512

9aa648b7cb693d57eb9588a72afd82173d49d1a8c33d1f23090d9fe5c62276c6060e48d8cad64ce0b14fedf73037a105198acb486f83055423bcef9584a1bcbc
SSDEEP

24576:ZFpQqmMkhw30isYXAvyi/e2GpjVUPfzX6uAoXi/f2L3+dicaVUIRoj+Nf:Z/3mHSam3qHmorpAoMf2L3RVUICqNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lpk.dll
unpack001/wxServer.exe

Files

ceacfd2067fcfec97fb841eefd3ae0bd_JaffaCakes118
.rar
lpk.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

5Avip0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5Avip1
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5Avip2
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wxServer.exe
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomDataRequestEvent
EurekaLog_CustomFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

CODE
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kgyr2ms2
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

799w07hg
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

18eugli8
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0obaqv4x
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

5Avip0 Size: - Virtual size: 108KB

5Avip1 Size: 22KB - Virtual size: 27KB

5Avip2 Size: 64KB - Virtual size: 63KB

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: - Virtual size: 1.8MB

DATA Size: - Virtual size: 56KB

BSS Size: - Virtual size: 24KB

kgyr2ms2 Size: - Virtual size: 16KB

.edata Size: 1KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

799w07hg Size: - Virtual size: 120KB

.rsrc Size: 113KB - Virtual size: 776KB

18eugli8 Size: - Virtual size: 252KB

0obaqv4x Size: 1.5MB - Virtual size: 1.5MB

5Avip0
Size: - Virtual size: 108KB

5Avip1
Size: 22KB - Virtual size: 27KB

5Avip2
Size: 64KB - Virtual size: 63KB

CODE
Size: - Virtual size: 1.8MB

DATA
Size: - Virtual size: 56KB

BSS
Size: - Virtual size: 24KB

kgyr2ms2
Size: - Virtual size: 16KB

.edata
Size: 1KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

799w07hg
Size: - Virtual size: 120KB

.rsrc
Size: 113KB - Virtual size: 776KB

18eugli8
Size: - Virtual size: 252KB

0obaqv4x
Size: 1.5MB - Virtual size: 1.5MB