f3c02dc8cf6c6f52051a9fe6b9b2341c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3c02dc8cf6c6f52051a9fe6b9b2341c_JaffaCakes118
Size

345KB
MD5

f3c02dc8cf6c6f52051a9fe6b9b2341c
SHA1

8faf02dd29e2a2660b877607ab2531c565086834
SHA256

29e4b29e725925a246b2be653922ac3defc8bee509ff99b40454c8ac4bcd9633
SHA512

d0698eac130eef78253088282ef1c0f8af7f4aaa71b92bb352fd6668e995c38d8c7a972178396e5702da19e832f6dbe33f96260bbe68757329ae5c59903195fd
SSDEEP

6144:QxyKGIAcEPiNMqX97fnnPp3P3dOzz17RinHi/pk5AKV+me0sVZn6cAJZWD1oEV:2yKGIRvX1vnPp3PNyfpk5AKV+7Hnbqwv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CueClub.exe
unpack001/skidrow.exe

Files

f3c02dc8cf6c6f52051a9fe6b9b2341c_JaffaCakes118
.rar
CueClub.exe
.exe windows:4 windows x86 arch:x86

3b11ee359de9b65451e2a13bb25d1927

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
lstrcatA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetLogicalDriveStringsA
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
DeleteCriticalSection
GetLastError
GetVolumeInformationA
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
LocalAlloc
LocalFree
SetPriorityClass
GetCurrentProcess
GetFileSize
ReadFile
GetTimeZoneInformation
GetSystemTime
GetLocalTime
DeleteFileA
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetProcAddress
LCMapStringA
LCMapStringW
WriteFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP

user32

ShowCursor
wsprintfA
MessageBoxA
SetFocus
UpdateWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadIconA
TranslateMessage
PeekMessageA
DispatchMessageA
DefWindowProcA
ValidateRect
PostQuitMessage
DialogBoxParamA
SendDlgItemMessageA
SetWindowPos
GetClientRect
EndDialog
DestroyWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

dsetup

ord11

winmm

timeGetTime
timeSetEvent
mciSendCommandA
timeKillEvent

wininet

InternetAttemptConnect
InternetGetConnectedState
InternetAutodialHangup

gdi32

GetStockObject

dinput

DirectInputCreateA

ddraw

DirectDrawEnumerateExA
DirectDrawCreate

dsound

ord2
ord1

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
skidrow.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 189KB - Virtual size: 936KB
sr-ic164.nfo

Sharing

General

Malware Config

Signatures

Files

3b11ee359de9b65451e2a13bb25d1927

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

dsetup

winmm

wininet

gdi32

dinput

ddraw

dsound

Sections

.text Size: 280KB - Virtual size: 276KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 1.1MB - Virtual size: 5.6MB

.rsrc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

 Size: 189KB - Virtual size: 936KB

.text
Size: 280KB - Virtual size: 276KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 1.1MB - Virtual size: 5.6MB

.rsrc
Size: 8KB - Virtual size: 4KB

Size: 189KB - Virtual size: 936KB