09f7cb6bdccbba81e04b47cb7b277339_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09f7cb6bdccbba81e04b47cb7b277339_JaffaCakes118
Size

3.8MB
MD5

09f7cb6bdccbba81e04b47cb7b277339
SHA1

14c4d7266bc22cff40483f83ea104daa0f39523b
SHA256

b36c8c4dee385aaa05c0a1977271d6bd634039e4430d2e30c4e95ce0d8bad790
SHA512

caf6350d6e164562e1ae7e5b403c4491b95f00e6c2875486c8a8a92a43afc6fd14b7f1e4a10f369397dff7180fc73219d92d3b6fc9931011464637d89695e088
SSDEEP

98304:21N1oQXoI4FNgjrySZ0rrjeQkFitct8rCcm9F5qkh:21N1o+h4FNoySZ0rrje18Gt9cc5qA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/DeadRising3+26Tr-LNG_v1.7.0_WIN10/DeadRising3+26Tr-LNG_v1.7.0.exe
unpack004/risingupd6+7tr.exe

Files

09f7cb6bdccbba81e04b47cb7b277339_JaffaCakes118
.zip
DeadRising3+26Tr-LNG_v1.7.0_WIN10.zip
.zip
DeadRising3+26Tr-LNG_v1.7.0_WIN10.rar
.rar
DeadRising3+26Tr-LNG_v1.7.0_WIN10/DeadRising3+26Tr-LNG_v1.7.0 - INFO.txt
DeadRising3+26Tr-LNG_v1.7.0_WIN10/DeadRising3+26Tr-LNG_v1.7.0.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DeadRising3+26Tr-LNG_v1.7.0_WIN10/VERY IMPORTANT!.txt
risingupd6+7tr.zip
.zip
readme.txt
risingupd6+7tr.exe
.exe windows:5 windows x64 arch:x64

fb216d9fb4508a6e7e6a6095501a5374

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

gdi32

Pie

version

VerQueryValueW

netapi32

NetWkstaGetInfo

ole32

IsEqualGUID

comctl32

ImageList_Add

msvcrt

memset

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW

winmm

PlaySoundW

Exports

Exports

TMethodImplementationIntercept
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 1.8MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 23KB - Virtual size: 23KB

fb216d9fb4508a6e7e6a6095501a5374

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

gdi32

version

netapi32

ole32

comctl32

msvcrt

shell32

winspool.drv

winmm

Exports

Exports

Sections

.MPRESS1 Size: 1.8MB - Virtual size: 6.1MB

.MPRESS2 Size: 5KB - Virtual size: 4KB

.rsrc Size: 174KB - Virtual size: 174KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 23KB - Virtual size: 23KB

.MPRESS1
Size: 1.8MB - Virtual size: 6.1MB

.MPRESS2
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 174KB - Virtual size: 174KB