dba7ab176f0496599f1190cba2cd18e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dba7ab176f0496599f1190cba2cd18e4_JaffaCakes118
Size

571KB
MD5

dba7ab176f0496599f1190cba2cd18e4
SHA1

d7487489b61aa9c64c08735638e557cab0ceb84e
SHA256

11248b6af2e9c3fabf67031ce7b293f9e02b68e2b4f740e9154ea95774605a33
SHA512

9e967183fa4aac30aaf4cb9507d61fa10c52e678c656d1cb6da81ecfb1662dee92dd9f1000b7512aaaba3d4294876b2e37654b62bff97a3024f359c13a3a51e0
SSDEEP

12288:H9jpfPrLEO1ssHET3WmRDOkoqAP+gMnXA2rIb0FfgUGyJysiI1:Npn8O1kT3VqkQ2rLyeJy7I1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SRLoader/SRLoader.exe
unpack001/SRLoader/SRLoaderHook.dll

Files

dba7ab176f0496599f1190cba2cd18e4_JaffaCakes118
.rar
SRLoader/SRLoader.exe
.exe windows:5 windows x86 arch:x86

6bff9463c65c8f1067af229efd37a7a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_open
_lseek
_close
_write
_read
_unlink
__CxxFrameHandler3
_CIsin
_CIcos
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_getch
fputs
_gmtime64
strncmp
isupper
_strnicmp
_lock
_wfopen
ftell
_fileno
_setmode
wcsstr
getenv
strncpy
islower
sscanf
vsprintf
localeconv
fputc
ferror
memmove
_CIexp
_CIlog
_CIfmod
memset
abort
memcpy
_HUGE
_CIpow
_CIsqrt
floor
memchr
_vsnprintf
_errno
strerror
strtol
ceil
atoi
strstr
strtoul
rename
fseek
bsearch
_control87
atof
fwrite
_stat64i32
fread
fflush
rewind
isxdigit
isspace
sprintf
isalpha
tolower
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
wcscpy_s
wcscat_s
mbstowcs_s
strcpy_s
wcsrchr
vswprintf_s
_wctime64
fwprintf
??_U@YAPAXI@Z
vfwprintf
_wfopen_s
??3@YAXPAX@Z
strrchr
isdigit
fgets
remove
_exit
_getpid
signal
raise
feof
exit
_time64
fclose
realloc
vfprintf
fprintf
fopen
printf
strchr
__iob_func
_CIatan2
malloc
qsort
calloc
free
strcmp
_ctime64

mfc100u

ord11116
ord3491
ord2952
ord2951
ord2852
ord11159
ord902
ord296
ord5143
ord3999
ord4416
ord4383
ord4379
ord4413
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord8393
ord10045
ord6247
ord8112
ord13380
ord10937
ord3402
ord11081
ord8277
ord14060
ord14059
ord14132
ord14149
ord14145
ord14147
ord14148
ord14146
ord7385
ord9333
ord2339
ord4805
ord12951
ord7005
ord5276
ord12557
ord3971
ord10725
ord3978
ord6156
ord7911
ord2884
ord13388
ord1905
ord5862
ord2185
ord3446
ord5855
ord1934
ord7109
ord13382
ord5828
ord381
ord2756
ord2980
ord2981
ord9525
ord10412
ord10058
ord8179
ord11163
ord8347
ord2417
ord12606
ord5556
ord11123
ord10081
ord6711
ord788
ord1212
ord1987
ord880
ord1734
ord13342
ord422
ord980
ord3628
ord5652
ord4290
ord3627
ord948
ord11209
ord11240
ord7391
ord11228
ord5261
ord3416
ord6140
ord890
ord12753
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord2089
ord13381
ord11477
ord11476
ord2164
ord9447
ord4744
ord13854
ord7176
ord4086
ord11784
ord11845
ord9498
ord2665
ord3992
ord2887
ord14067
ord11236
ord7548
ord1292
ord6869
ord7624
ord1282
ord8346
ord9328
ord7393
ord4792
ord6922
ord6932
ord6931
ord4623
ord4794
ord4645
ord5118
ord4901
ord8483
ord5115
ord4923
ord4642
ord4434

kernel32

InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GlobalMemoryStatus
InterlockedExchange
GetFileAttributesExA
GetProcessTimes
GetSystemTime
WriteProcessMemory
CloseHandle
OpenFileMappingW
GetModuleHandleA
CreateFileMappingW
VirtualAllocEx
GetProcAddress
CreateFileW
GetModuleFileNameA
GetLastError
GetVersion
GetFileType
GetStdHandle
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
IsProcessorFeaturePresent
SetEvent
CreateEventA
GetModuleFileNameW
ReadFile
VirtualFreeEx
WriteFile
CreateRemoteThread
WaitForSingleObject
CreateProcessW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateThread
Sleep

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow
IsIconic
DrawIcon
GetClientRect
wsprintfW
LoadIconW
SystemParametersInfoW
GetSystemMetrics
SendMessageW
EnableWindow
wsprintfA

gdi32

CreateFontIndirectW

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
DeregisterEventSource
ReportEventA
RegisterEventSourceA

comctl32

InitCommonControlsEx

Sections

.text
Size: 1011KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRLoader/SRLoaderHook.dll
.dll windows:5 windows x86 arch:x86

a011919436becd27ef3c23d14a2a84b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessAffinityMask
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
IsBadReadPtr
CreateRemoteThread
VirtualQueryEx
WriteFile
VirtualFreeEx
Sleep
TerminateProcess
CreateFileW
GetProcAddress
VirtualAllocEx
CreateFileMappingW
GetSystemInfo
GetModuleHandleA
OpenFileMappingW
VirtualProtect
CloseHandle
WriteProcessMemory
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentThreadId
InterlockedExchange
DecodePointer
EncodePointer

user32

wsprintfW

msvcr100

wcscpy_s
fclose
_time64
??2@YAPAXI@Z
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
wcscat_s
memcpy_s
wcstombs_s
wcsrchr
vswprintf_s
_wctime64
fwprintf
vfwprintf
_wfopen_s
memset

Exports

Exports

_NullInterface@0

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRLoader/使用必读.url
SRLoader/绿色先锋下载.url
.url
使用必读.url
绿色先锋下载.url
.url

Sharing

General

Malware Config

Signatures

Files

6bff9463c65c8f1067af229efd37a7a4

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

mfc100u

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 1011KB - Virtual size: 1010KB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 64KB - Virtual size: 73KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 39KB - Virtual size: 39KB

a011919436becd27ef3c23d14a2a84b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr100

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 892B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 1011KB - Virtual size: 1010KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 64KB - Virtual size: 73KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 39KB - Virtual size: 39KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 892B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 836B