384196f282ed7af000f404bb0a8168c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

384196f282ed7af000f404bb0a8168c1_JaffaCakes118
Size

555KB
MD5

384196f282ed7af000f404bb0a8168c1
SHA1

58d7d56483541eccc8782a929d4fd80204a2f7fe
SHA256

2f71e1a18c9a23b1988c7c7b6129a0443d533053845fba4f2abf7afdb0631ab9
SHA512

3eb1c3ad67030a4de8b685f66631203a39dab6a9a437e2c804ad756076b9f29fd42a0e564429ebfa7e0a5d0a7eaa08c3a3701269129fa5488ee47a80ce04654c
SSDEEP

12288:zwFhT81eWwIEFSPe3XQKqs8DlrQnxGWDBZtTcEOr154q/:MbuedFgPDlwIWD3+EOr15t

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/编译工具/c51/BIN/A51.EXE
unpack001/编译工具/c51/BIN/C51.EXE
unpack001/编译工具/c51/BIN/OC51.EXE
unpack001/编译工具/c51/BIN/OH51.EXE
unpack001/编译工具/c51/BIN/bl51.exe
unpack001/编译工具/c51/BIN/make.exe

Files

384196f282ed7af000f404bb0a8168c1_JaffaCakes118
.rar
编译工具/c51/ASM/REG51.INC
编译工具/c51/BIN/A51.EXE
.exe windows:4 windows x86 arch:x86

1741da5e9345b1f8f0a1f28d5413a87a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetProcAddress
LoadLibraryA
GetOEMCP
GetACP
GetFileAttributesA
HeapAlloc
HeapFree
GetLastError
GetFullPathNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetLocalTime
DeleteFileA
GetTimeZoneInformation
GetSystemTime
SetConsoleCtrlHandler
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
FreeLibrary
SetCurrentDirectoryA
RtlUnwind
GetCurrentDirectoryA
GetDriveTypeA
ReadFile
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
CompareStringA
CompareStringW
SetEndOfFile
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetFileInformationByHandle
PeekNamedPipe

version

GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
编译工具/c51/BIN/C51.EXE
.exe windows:4 windows x86 arch:x86

08ae02e28228b5b9d8a279bf3dc7319d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetCurrentDirectoryA
GetFileAttributesA
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetLastError
GetFullPathNameA
HeapFree
HeapReAlloc
GetLocalTime
DeleteFileA
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
FreeLibrary
GetStartupInfoA
ReadFile
WriteFile
GetModuleHandleA
CloseHandle
FlushFileBuffers
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetEndOfFile
RtlUnwind
SetFilePointer
CreateFileA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetFileInformationByHandle
PeekNamedPipe

version

GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
编译工具/c51/BIN/OC51.EXE
.exe windows:4 windows x86 arch:x86

b2aac9a4a6609653d1422261b312cf8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA

kernel32

GetStartupInfoA
GetFileType
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeW
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
CreateFileA
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
编译工具/c51/BIN/OH51.EXE
.exe windows:4 windows x86 arch:x86

22e7eef979d09ec57f8ddda22cc37b07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLastError
WriteFile
ReadFile
SetFilePointer
HeapFree
CloseHandle
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
SetEndOfFile
FlushFileBuffers
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
CreateFileA
SetStdHandle
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
编译工具/c51/BIN/bl51.exe
.exe windows:4 windows x86 arch:x86

39bba44070c4c374d2345a844dd61a7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetProcAddress
LoadLibraryA
WriteFile
SetHandleCount
FindFirstFileA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetLastError
DeleteFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetFullPathNameA
SetConsoleCtrlHandler
GetCommandLineA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
CompareStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FindCloseChangeNotification
FreeLibrary
SetFilePointer
FileTimeToLocalFileTime
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetCurrentDirectoryA
GetDriveTypeA
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteFileW
GetEnvironmentStringsA
GetEnvironmentStringsW
RtlUnwind
GetStringTypeA
CreateIoCompletionPort
SetStdHandle
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
FindClose
FileTimeToSystemTime

version

VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 920B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 60B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

IMP
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
编译工具/c51/BIN/make.exe
.exe windows:1 windows x86 arch:x86

c4ba8fb88a5e493459c17a098fb5f073

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCommandLineA
CreateFileA
CloseHandle
CreateProcessA
DeleteFileA
DuplicateHandle
CopyFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
CreateFileW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
ExitProcess
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalMemoryStatus
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
GetModuleHandleA

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

CODE
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
编译工具/c51/C51V61精简版.txt
编译工具/c51/INC/ABSACC.H
编译工具/c51/INC/INTRINS.H
编译工具/c51/INC/REG52.H
编译工具/c51/INC/STRING.H
编译工具/c51/LIB/C51FPS.LIB
编译工具/c51/LIB/C51S.LIB

Sharing

General

Malware Config

Signatures

Files

1741da5e9345b1f8f0a1f28d5413a87a

Headers

File Characteristics

Imports

kernel32

version

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 912B

08ae02e28228b5b9d8a279bf3dc7319d

Headers

File Characteristics

Imports

kernel32

version

Sections

.text Size: 452KB - Virtual size: 451KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 212KB - Virtual size: 466KB

.rsrc Size: 4KB - Virtual size: 920B

b2aac9a4a6609653d1422261b312cf8a

Headers

File Characteristics

Imports

version

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 976B

22e7eef979d09ec57f8ddda22cc37b07

Headers

File Characteristics

Imports

version

kernel32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 77KB

.rsrc Size: 4KB - Virtual size: 952B

39bba44070c4c374d2345a844dd61a7b

Headers

File Characteristics

Imports

kernel32

version

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 161KB - Virtual size: 161KB

.rsrc Size: 920B - Virtual size: 920B

.pklstb Size: 80KB - Virtual size: 80KB

.relo2 Size: 60B - Virtual size: 60B

IMP Size: 1KB - Virtual size: 4KB

c4ba8fb88a5e493459c17a098fb5f073

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 78KB - Virtual size: 80KB

DATA Size: 19KB - Virtual size: 72KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 8KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 912B

.text
Size: 452KB - Virtual size: 451KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 212KB - Virtual size: 466KB

.rsrc
Size: 4KB - Virtual size: 920B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 976B

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 77KB

.rsrc
Size: 4KB - Virtual size: 952B

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 161KB - Virtual size: 161KB

.rsrc
Size: 920B - Virtual size: 920B

.pklstb
Size: 80KB - Virtual size: 80KB

.relo2
Size: 60B - Virtual size: 60B

IMP
Size: 1KB - Virtual size: 4KB

CODE
Size: 78KB - Virtual size: 80KB

DATA
Size: 19KB - Virtual size: 72KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 8KB