3ab29b5d9520f254c3b508ba11cb6f6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ab29b5d9520f254c3b508ba11cb6f6e_JaffaCakes118
Size

197KB
MD5

3ab29b5d9520f254c3b508ba11cb6f6e
SHA1

f3d6cfb6af8ad965aea3f70c4fa456bc7443e30d
SHA256

f7215448c425053d635fabe412b977bb22a2509ebaab28ae7157f9d4f2b26720
SHA512

6354d7ed307c5d1be580cdddbf4dc7c0bf1fddcfaa62b4ccb24b1ce215212bf0aabca1e36b46831dfc91a31a8ea08a92a3c475e6006f08139ca380bc9e0f95b5
SSDEEP

6144:EbeHrnHkzvIi0oQrOYRypSg1dsqoLKf1hOAaWIe:F00OfhMKyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab29b5d9520f254c3b508ba11cb6f6e_JaffaCakes118

Files

3ab29b5d9520f254c3b508ba11cb6f6e_JaffaCakes118
.exe windows:6 windows x86 arch:x86

85528facb83d35eaa8e39ad7be9340ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lodctr.pdb

Imports

loadperf

LoadPerfCounterTextStringsW
LpAcquireInstallationMutex
LpReleaseInstallationMutex
BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW
UpdatePerfNameFilesA

shell32

CommandLineToArgvW

advapi32

FreeSid
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
IsTextUnicode
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EventRegister
EventUnregister
EventWrite
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW

kernel32

InterlockedExchange
HeapAlloc
GetProcessHeap
MultiByteToWideChar
lstrlenA
SearchPathA
SearchPathW
lstrcmpiW
HeapFree
lstrlenW
SetLastError
GetCurrentDirectoryW
Sleep
LocalFree
GetLastError
GetCommandLineW
SetThreadPreferredUILanguages
HeapSetInformation
CreateFileW
GetFileSize
ReadFile
CloseHandle
ReleaseMutex
LocalAlloc
CreateMutexW
WaitForSingleObject
GetModuleHandleW
FormatMessageW
GetStdHandle
GetFileType
WriteConsoleW
HeapReAlloc
WideCharToMultiByte
WriteFile
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
wcschr
_wsplitpath_s
_iob
fprintf
memset
_getmbcp
_vsnwprintf
_amsg_exit
memcpy
_wcsnicmp
_wtof
_wcsicmp
floor

user32

LoadStringW

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85528facb83d35eaa8e39ad7be9340ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

loadperf

shell32

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.data Size: 148KB - Virtual size: 248KB

.data Size: 7KB - Virtual size: 7KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.data
Size: 148KB - Virtual size: 248KB

.data
Size: 7KB - Virtual size: 7KB