7733484f371cbc5cd6a63c76d450de22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7733484f371cbc5cd6a63c76d450de22_JaffaCakes118
Size

326KB
MD5

7733484f371cbc5cd6a63c76d450de22
SHA1

556298ef1dc1318942a27bfbc45531c3998c85f4
SHA256

630203e3869882fbc2bfab38f81fd79d665347ff89762145732763436ba38161
SHA512

027cef1c5aeb2154243453795d3e2244ad4d7af8f81e62755270cbfd6359428a0abf13a3cb7c542763639122c472ee13fd501941020adb378bd90225de22531c
SSDEEP

6144:1j7jT8jVAj9C1BRDsfxwCZGHL89Rl8E8yaR096F+7tD1Xo9TJUvaBTq/ihPDGkAC:pjT8mj9Cz2xwCAYIyaC96k7tD9o9l5rj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xiaobaizysd/homelock.exe

Files

7733484f371cbc5cd6a63c76d450de22_JaffaCakes118
.rar
xiaobaizysd/homelock.exe
.exe windows:4 windows x86 arch:x86

ff226b9a0142dec6c7306fef5d8d1f36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord616
ord809
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord823
ord6215
ord6438
ord2621
ord1134
ord556
ord2298
ord2358
ord2642
ord3092
ord1168
ord1105
ord781
ord6880
ord1088
ord2122
ord2452
ord6930
ord3329
ord6055
ord1776
ord5290
ord3402
ord3721
ord567
ord2575
ord4396
ord3574
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3708
ord1795
ord2243
ord4275
ord613
ord5873
ord4133
ord4297
ord472
ord289
ord3874
ord858
ord4284
ord1146
ord3693
ord3573
ord2864
ord795
ord609
ord2370
ord2289
ord2364
ord540
ord860
ord2379
ord4299
ord2860
ord5785
ord1640
ord3706
ord3571
ord1641
ord3663
ord3626
ord3619
ord825
ord470
ord323
ord2414
ord5794
ord5788
ord5789
ord6172
ord537
ord800
ord2405
ord640
ord755
ord4476
ord3089
ord5875
ord4853
ord4710
ord6199
ord6334
ord4234
ord2302
ord2301
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord941
ord5265
ord1576

msvcrt

_setmbcp
memset
__CxxFrameHandler
sprintf
fclose
fwrite
fseek
fopen
strcat
strlen
strcpy
strncpy
memcpy
_strlwr
time
fputs
vsprintf
__p___argv
__p___argc
_wfopen
fread
wcscat
wcscpy
ftell
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
wprintf
_local_unwind2
_except_handler3
malloc
free
srand
rand
_stricmp
isdigit
strtoul
strcmp
_controlfp

kernel32

GetStartupInfoA
CopyFileA
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
GetLastError
CreateMutexA
LoadLibraryA
GetVersionExA
CloseHandle
Process32Next
Process32First
OpenProcess
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetSystemDirectoryA
VirtualProtect
WaitForSingleObject
VirtualFreeEx
MoveFileExA
DeleteFileA
CopyFileW
SizeofResource
LoadResource
FindResourceA
CreateProcessA
SetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleW
GetTickCount

user32

GetParent
KillTimer
SetTimer
InvalidateRect
DrawStateA
FillRect
LoadCursorA
SetCursor
LoadImageA
GetCursorPos
GetIconInfo
DestroyIcon
GetWindowRect
GetWindowLongA
SetWindowLongA
LoadBitmapA
MessageBoxA
EnableWindow
ScreenToClient
GetClientRect
SetWindowRgn
SendMessageA
PtInRect

gdi32

StretchBlt
RoundRect
CreateRectRgn
CreatePen
BitBlt
Rectangle
SelectObject
CreateCompatibleDC
CreateSolidBrush
DeleteObject
GetStockObject
CreateFontIndirectA
GetObjectA
CreateCompatibleBitmap
CreateRoundRectRgn

advapi32

LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
EnumDependentServicesA
ControlService
StartServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xiaobaizysd/更多软件下载.url
xiaobaizysd/第一次运行先退出360、金山卫士、金山毒霸、电脑管家.txt
xiaobaizysd/说明.txt
xiaobaizysd/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

ff226b9a0142dec6c7306fef5d8d1f36

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB