f8c70df7ade63ded6aca4c6585816696_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8c70df7ade63ded6aca4c6585816696_JaffaCakes118
Size

30KB
MD5

f8c70df7ade63ded6aca4c6585816696
SHA1

bd1a991f8b9243c2a0a24f1d4a77e66655578d73
SHA256

0f7a5cc3e8987cdd47cf9bfad8f2158770224da2d801fb6f2a7dc013a63c5a42
SHA512

080b9864f16158d78a3f36574661160cef161753d44ab0d2c55dfb0720b2d12d5d2d97aae166267edfecd9c20699904f5bf6e665e2a70ef7ba482f4a67167106
SSDEEP

768:aMrzgQlZNqchyRs143kRlV7hzUjltuIB58y/QW72WIdNWV9:dv1jovelV7BUasDQe0NWT

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/EscapeClosePro.exe
unpack001/ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/end.exe
unpack001/ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/escapeclosepro.exe.org
unpack001/ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/esccldll.dll

Files

f8c70df7ade63ded6aca4c6585816696_JaffaCakes118
.rar
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/EscapeClosePro.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/end.exe
.exe windows:4 windows x86 arch:x86

3d45924afd2b7f0dd4afe4116d9c0c11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

msvcrt

_XcptFilter
_exit
exit
__getmainargs
_initterm
__setusermatherr
_acmdln
_adjust_fdiv
__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode

kernel32

GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/escapeclosepro.exe.org
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/esccldll.dll
.dll windows:4 windows x86 arch:x86

11ebb2259882aaf57e47453c8ee015e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
lstrlenA

user32

CallNextHookEx
GetForegroundWindow
FindWindowA
IsIconic
SetCursor
GetCursor
IsZoomed
PostMessageA
GetWindowTextA
ShowWindow
GetWindowRect
GetSystemMetrics
SetCursorPos
VkKeyScanA
LoadCursorA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcr70

_adjust_fdiv
malloc
free
strstr
atoi
__dllonexit
_onexit
_except_handler3
_itoa
_ltoa
_initterm

Exports

Exports

?KeyboardProc1@@YGJHIJ@Z

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/exceptions.png
.png
ha-EscapeCloseProInstall19-zhou/ha-EscapeCloseProInstall19-zhou/汉化说明.txt
ha-EscapeCloseProInstall19-zhou/下载说明.htm
.html .js polyglot
ha-EscapeCloseProInstall19-zhou/汉化说明.txt
ha-EscapeCloseProInstall19-zhou/注册信息.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 11KB

.rsrc Size: 10KB - Virtual size: 10KB

3d45924afd2b7f0dd4afe4116d9c0c11

Headers

File Characteristics

Imports

shell32

msvcrt

kernel32

Sections

.text Size: 512B - Virtual size: 428B

.rdata Size: 1024B - Virtual size: 526B

.data Size: 512B - Virtual size: 108B

Headers

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 11KB

.rsrc Size: 10KB - Virtual size: 10KB

11ebb2259882aaf57e47453c8ee015e3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcr70

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 1024B - Virtual size: 594B

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 11KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 512B - Virtual size: 428B

.rdata
Size: 1024B - Virtual size: 526B

.data
Size: 512B - Virtual size: 108B

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 11KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 1024B - Virtual size: 594B