Static task: static1
Behavioral task: behavioral1 - Sample: OneClickRoot.exe - Resource: win7-20240508-en
Behavioral task: behavioral2 - Sample: OneClickRoot.exe - Resource: win10v2004-20240426-en
General
Target: 3f5af68d209d7a3c4748161e8f1958b4_JaffaCakes118
Size: 1.4MB
MD5: 3f5af68d209d7a3c4748161e8f1958b4
SHA1: 885be1c454016dfc1969dbbdab2b775b82c8ecc0
SHA256: 08d8580b3d35f6f7eaf35cae6595c28ef868c4e6262183475c5b75380ff977e5
SHA512: cc7217742c3db51cfcff52608974445cdd4a145cea91fd2ea0c7fcadb2016d05e18d46f0d5e12d0d4b60a0d40a0d71ca58155d389ff6899a8ee9b9d1bcf77c1c
SSDEEP: 24576:1KkCTxAd+9IJ0laEE3jD02ObErgF+HxtcKUW7Od:1KkCTxAE9IJ08TDcgvx+a
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for a missing Authenticode signature. The PE carries no embedded publisher signature, so it has no provenance to allow-list on; note that a present signature would still need chain and hash validation before it could be trusted.
  resource: unpack002/OneClickRoot.exe
Files
- 3f5af68d209d7a3c4748161e8f1958b4_JaffaCakes118.iso
- out.iso (type: iso)
- OneClickRoot.exe (type: exe; tags: windows:5 windows x86 arch:x86)
  MD5: 9134b56918a4ca4df9fb1ecdcdb50d21
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no relocation table: the image cannot be rebased, so it loads at its preferred base and gains nothing from ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (static import table only; kernel32!LoadLibraryW, LoadLibraryExW and GetProcAddress are present, so further APIs may be resolved at run time and will not appear here)
shlwapi
SHAutoComplete
AssocQueryStringW
SHSetValueW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathCreateFromUrlW
UrlCanonicalizeW
PathStripToRootW
PathSkipRootW
PathRemoveExtensionW
PathRemoveBlanksW
PathParseIconLocationW
PathIsNetworkPathW
PathIsRootW
PathIsRelativeW
PathFindNextComponentW
PathFindFileNameW
PathFileExistsW
PathAppendW
StrRetToStrW
StrCmpIW
StrCmpW
StrToIntW
StrRChrW
StrPBrkW
StrFormatByteSizeW
StrDupW
kernel32
TerminateProcess
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
CreateFileW
CloseHandle
GetProcAddress
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
FileTimeToSystemTime
LoadLibraryW
CreateDirectoryW
GetFullPathNameW
FindNextFileW
GetUserDefaultLCID
GetCommandLineA
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
WriteConsoleW
oleaut32
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantInit
VariantCopy
VariantChangeType
VarI4FromStr
VarR8FromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
VarBoolFromStr
VarNeg
VarNot
LoadTypeLi
RegisterTypeLi
SetErrorInfo
GetErrorInfo
CreateErrorInfo
Sections
.text Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7.2MB (only 4KB of this section exists on disk; the loader zero-fills the remaining 7.2MB, which the program must populate at run time, a layout typical of a self-unpacking stub)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ioe5 Size: 208KB - Virtual size: 207KB (non-standard, randomized-looking section name)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.r9ae Size: 733KB - Virtual size: 733KB (non-standard, randomized-looking section name)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 23KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ