65db479f72b5c9bcd6bad01dfa740bde_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65db479f72b5c9bcd6bad01dfa740bde_JaffaCakes118
Size

7.6MB
MD5

65db479f72b5c9bcd6bad01dfa740bde
SHA1

50ab43880d2d7a48492e478d1e0f3d6198f6be40
SHA256

5b774b42f4460f6e36b2fe9d186bf6ee176c2d8cc5a3bb4bd5e70cabe06f872f
SHA512

1a660c48fe6513112649fb16a693654f33698afefe95bb794fbe84d304d161b11a404355c0f9ce342f2dac45f1f73e5f0208c01533f9ff7b2a1a47d8dedafc48
SSDEEP

196608:Xwq8rVW8eePkHmkkR/E5nCl0Ll9PG//KfBErkE4yK4cr/:Xwq851PkHmzE57M/KJKkE4tb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/PlagiarismCheckerX_setup/Patch.exe
unpack001/PlagiarismCheckerX_setup/PlagiarismCheckerX_2014.exe

Files

65db479f72b5c9bcd6bad01dfa740bde_JaffaCakes118
.zip
PlagiarismCheckerX_setup/Patch.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 344KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
PlagiarismCheckerX_setup/PlagiarismCheckerX_2014.exe
.exe windows:4 windows x86 arch:x86

a634617a24446d73e561f07dfda844e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc

comctl32

ord17

kernel32

ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
LockResource
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
GlobalFree
GetTickCount
GetExitCodeThread
CreateThread
CopyFileW
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventW
lstrcatW
GetTempFileNameW
CompareStringA
CompareStringW
GetVersionExW
LoadLibraryW
FreeLibrary
GetProcAddress
GetSystemDefaultLangID
lstrcmpW
lstrcmpiW
VerLanguageNameW
MoveFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
GetSystemTimeAsFileTime
SetFileAttributesW
GetPrivateProfileStringW
CreateDirectoryW
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
IsValidLocale
GetVersion
GetModuleHandleW
GetCommandLineW
GetFileAttributesW
IsBadReadPtr
VirtualQuery
lstrcmpiA
lstrcpyA
FlushFileBuffers
SetEndOfFile
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoW
GetACP
GetTimeZoneInformation
GetTempPathW
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetUserDefaultLCID
ReadFile
GetLocaleInfoA
IsValidCodePage
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetStartupInfoW
GetModuleHandleA
RtlUnwind
CreateFileA
CreateFileMappingA
lstrcpynA
SystemTimeToFileTime
lstrcpynW
QueryPerformanceCounter
SetEvent
ResetEvent
SearchPathW
VirtualProtect
GetCurrentProcessId
FindResourceExW
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
GetLocalTime
TerminateProcess
GetProcessTimes
OpenProcess
GetCurrentDirectoryW
SetErrorMode
GetWindowsDirectoryW
lstrcpyW
GetSystemDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileW
Sleep
RemoveDirectoryW
SetFilePointer
GetProcessHeap
WriteFile
HeapAlloc
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
EnumSystemLocalesA
HeapFree
GetOEMCP
SetEnvironmentVariableA
GetTimeFormatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetDateFormatA
RaiseException
InterlockedExchange
lstrcmpA
SetStdHandle
LocalAlloc

user32

CreateDialogParamW
SetCursor
GetWindow
GetDlgItemTextW
SetFocus
EnableWindow
MessageBoxW
SetDlgItemTextW
SetForegroundWindow
GetDlgCtrlID
GetDC
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageW
SendMessageW
GetWindowRect
GetSystemMetrics
SetRect
FindWindowW
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogIndirectParamW
CharNextW
LoadImageW
GetWindowLongW
BeginPaint
EndPaint
SetWindowLongW
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
ReleaseDC
EndDialog
SetWindowTextW
GetDlgItem
ShowWindow
DialogBoxIndirectParamW
GetDesktopWindow
wsprintfW
MsgWaitForMultipleObjects
PeekMessageW
DefWindowProcW
PostMessageW
KillTimer
PostQuitMessage
SetTimer
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
MoveWindow
wvsprintfW
CharPrevW
SendDlgItemMessageW
ExitWindowsEx
CharUpperW
WaitForInputIdle
SetActiveWindow

gdi32

UnrealizeObject
SelectPalette
RealizePalette
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateFontW
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateDIBitmap
DeleteObject
GetStockObject
TranslateCharsetInfo

advapi32

RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW

ole32

CLSIDFromProgID
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoInitializeSecurity
CreateItemMoniker
GetRunningObjectTable
ProgIDFromCLSID
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

SysFreeString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SysAllocString
VariantClear
VariantChangeType
GetErrorInfo
RegisterTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo

rpcrt4

UuidToStringW
UuidCreate
UuidFromStringW
RpcStringFreeW

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PlagiarismCheckerX_setup/东坡下载说明.txt
PlagiarismCheckerX_setup/更多软件下载.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 344KB - Virtual size: 4B

���� Size: - Virtual size:

a634617a24446d73e561f07dfda844e5

Headers

DLL Characteristics

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 465KB - Virtual size: 465KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 42KB - Virtual size: 63KB

.rsrc Size: 312KB - Virtual size: 311KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 42KB - Virtual size: 63KB

.rsrc
Size: 312KB - Virtual size: 311KB