11be87bd0a782a9cd5245676b213e748_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11be87bd0a782a9cd5245676b213e748_JaffaCakes118
Size

1016KB
MD5

11be87bd0a782a9cd5245676b213e748
SHA1

e9f3851fc7a58615a1c43f53409dfbe47957e728
SHA256

48eb57b3ed5e63cb20b69edd5f880c8f353e527052f61bc5405a5ecbac9fb055
SHA512

874faf65945f399307df31edcd2652e1b01b6334e02cbfccaa075667662cd41938b0a8388479cc36b0fb7120f999142e6936b577a4d8573a1cbccc0106909740
SSDEEP

24576:d4/a3a9bOhVNER8qAR891WraXuu+tOHMfO45eZD:dTXrNETAwMG+NVVkl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/应用程序/lpk.dll

Files

11be87bd0a782a9cd5245676b213e748_JaffaCakes118
.rar
应用程序/87652网址导航.url
.url
应用程序/lpk.dll
.dll windows:4 windows x86 arch:x86

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceA
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetLastError
CreateMutexA
lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
GetLogicalDrives
FindClose
FindNextFileA
SetFileAttributesA
CopyFileA
GetFileAttributesA
FindFirstFileA
lstrcpyA
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
FreeLibrary
SetEvent
CreateEventA
DisableThreadLibraryCalls
LoadLibraryA
lstrcatA
GetSystemDirectoryA

shell32

ord64

shlwapi

PathFindExtensionA
PathAppendA
PathFindFileNameA

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
应用程序/meirenyue/bef3df8agw1fap0vohgcqj209p0afmxe.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0voqe98j208c08cjsr.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0voz8nfj208c069gmv.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vp41rxj208c08ct9t.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vp8d6rj208c068wfo.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vplr83j208c07kwfm.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vprvq3j208c07g3zq.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vpymwsj208c08ctad.jpg
.jpg
应用程序/meirenyue/bef3df8agw1fap0vqd4avj208c08cjsm.jpg
.jpg
应用程序/meirenyue/快照3.jpg
.jpg
应用程序/meirenyue/快照5.jpg
.jpg
应用程序/meirenyue/快照6.jpg
.jpg
应用程序/meirenyue/快照7.jpg
.jpg
应用程序/第六下载须知.txt
应用程序/软件使用说明.html
.html

Sharing

General

Malware Config

Signatures

Files

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 700B

.rsrc Size: 820KB - Virtual size: 820KB

.reloc Size: 1024B - Virtual size: 522B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 700B

.rsrc
Size: 820KB - Virtual size: 820KB

.reloc
Size: 1024B - Virtual size: 522B