130385e90b8f95960ce84cd5d3a37aa8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

130385e90b8f95960ce84cd5d3a37aa8_JaffaCakes118
Size

58KB
MD5

130385e90b8f95960ce84cd5d3a37aa8
SHA1

3dc2567840eeea1b834a0bc5f35e5ac6c17284c5
SHA256

a12790aefb0b75f75a515b4b552a8a5c0961f6d050a9ea61b3a9525e105b48b1
SHA512

f4f1fcfb45e2bc2413fa1a05cf3255f860037b5789785ea60880b1dbe443c4e4324d44811c11ed40370903407a1d4abce77b80ed5fea96e4096cf9f36bc53f5e
SSDEEP

1536:UGX3ntEX/4YoqBCyU4fpU0L6BkaO4q04Wbrr:UGX3ntBNqBCQUgiap04Qr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
130385e90b8f95960ce84cd5d3a37aa8_JaffaCakes118

Files

130385e90b8f95960ce84cd5d3a37aa8_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d276ecf4a3fc872788cb5080e1acd570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lodctr.pdb

Imports

loadperf

UpdatePerfNameFilesA
LoadPerfCounterTextStringsW
LpReleaseInstallationMutex
BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW
LpAcquireInstallationMutex

advapi32

FreeSid
InitializeSecurityDescriptor
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
IsTextUnicode
AllocateAndInitializeSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl

kernel32

GetProcessHeap
MultiByteToWideChar
lstrlenA
SearchPathA
lstrcmpiW
HeapFree
lstrlenW
SetLastError
GetCurrentDirectoryW
Sleep
GetCommandLineW
HeapAlloc
HeapSetInformation
CreateFileW
GetFileSize
ReadFile
CloseHandle
ReleaseMutex
GetLastError
LocalAlloc
CreateMutexW
WaitForSingleObject
LocalFree
GetModuleHandleW
FormatMessageW
GetStdHandle
GetFileType
WriteConsoleW
WideCharToMultiByte
WriteFile
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
InterlockedCompareExchange
SetThreadPreferredUILanguages
HeapReAlloc
SetUnhandledExceptionFilter

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
wcschr
_wsplitpath_s
_iob
fprintf
memset
_getmbcp
_vsnwprintf
__p__fmode
_wcsnicmp
_wtof
memcpy
_wcsicmp
floor

user32

LoadStringW

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d276ecf4a3fc872788cb5080e1acd570

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

loadperf

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 26KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 26KB