114e82709e16d46049620b86a3e2118e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

114e82709e16d46049620b86a3e2118e_JaffaCakes118
Size

932KB
MD5

114e82709e16d46049620b86a3e2118e
SHA1

aad0f8a2e92dc09990b919b72e652c508a1e76f7
SHA256

2ebdfcb987b13f1f8de078e29d4f870a65281ea176f920e0c370bef08d815382
SHA512

53bdd3c8b066b41779c3532f915a579abd0aa0d24fe27aa1b1541722ad7e3284c121cb7abb43312c2d4cd8488e56aa7bbfb90ada0aa46459bcd422d05ba4d522
SSDEEP

24576:2DxMsZsN29VEa+HQpi0SDnXBAH3znePuksPgjf:2DxRZspHbBsaPuTM

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TF卡修复工具 V1.0 官方版/tf卡修复工具.exe
unpack001/TF卡修复工具 V1.0 官方版/wg.dat

Files

114e82709e16d46049620b86a3e2118e_JaffaCakes118
.zip
TF卡修复工具 V1.0 官方版/config.dat
TF卡修复工具 V1.0 官方版/id.dat
TF卡修复工具 V1.0 官方版/tf卡修复工具.exe
.exe windows:4 windows x86 arch:x86

9b628b39a8fba084f05e273a9feee901

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord6059
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2818
ord2621
ord1134
ord1199
ord1247
ord1576
ord3229
ord1168
ord860
ord939
ord535
ord5204
ord5808
ord540
ord5353
ord533
ord5194
ord798
ord6392
ord537
ord800
ord690
ord4465
ord389

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
fopen
fgets
strstr
fclose
_mbsrchr
strrchr
strcat
_mbschr
sprintf
_mbscmp
atol
strcpy
memset
strlen
memcpy
_setmbcp
__CxxFrameHandler

kernel32

GlobalAlloc
CloseHandle
WaitForSingleObject
CreateProcessA
DeleteFileA
CreateDirectoryA
GetCurrentThreadId
GetTempPathA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetLastError
CreateEventA
GetModuleHandleA
GetStartupInfoA
RemoveDirectoryA

user32

PostMessageA
wsprintfA
MessageBoxA

ole32

CoInitialize

wsock32

ioctlsocket

iphlpapi

GetAdaptersInfo

wininet

InternetCrackUrlA

shlwapi

SHSetValueA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TF卡修复工具 V1.0 官方版/wg.dat
.exe windows:4 windows x86 arch:x86

a24e57cfb1e35030a9b4252bf1fa8b4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcpyA
lstrlenA
_lclose
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
_lread
_llseek
_lopen
GetDiskFreeSpaceA
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
lstrcatA
GetTempPathA
GetCurrentDirectoryA
_lwrite
_lcreat
CloseHandle
GetExitCodeProcess
CreateProcessA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

TranslateMessage
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
LoadCursorA
SetCursor
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ʹ˵.txt
Ա-Աƽ̨.url
.url
׿Ϸ.url
.url
Ϸ.url
.url
.url
.url

Sharing

General

Malware Config

Signatures

Files

9b628b39a8fba084f05e273a9feee901

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

wsock32

iphlpapi

wininet

shlwapi

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 860B

.rsrc Size: 4KB - Virtual size: 2KB

a24e57cfb1e35030a9b4252bf1fa8b4b

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 860B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 26KB