9198fc280013475e64c198f0b2551766_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9198fc280013475e64c198f0b2551766_JaffaCakes118
Size

70KB
MD5

9198fc280013475e64c198f0b2551766
SHA1

59c34df6b2834cf7a2907e949f7fcf71302a6857
SHA256

cd55869022869fa0846705c6f864972a637c9a55a3985b24fd455fab02769b36
SHA512

fc8cdf236ec1a7aea68e8efb514fdc14bd605fdc1bdb22994c5507669cd8bff60fa8308d0193756e4d300610fd7503f14ebe1ef52f613f45be7c041e8730ca9f
SSDEEP

1536:X4n+JP4P22yfD8OXTYdKvoZFBOAhVMV6e0Oo/K9x20jisRPCPAJMo1YXu:X4eq2d4d/Zbi4Gx20ji1j8su

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yh-15.exe
unpack001/yhws-15.exe

Files

9198fc280013475e64c198f0b2551766_JaffaCakes118
.rar
yh-15.exe
.exe windows:4 windows x86 arch:x86

343b3e25e7d06cc939e57e161c2f6a9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WriteFile
SetFilePointer
CreateFileA
LoadResource
SizeofResource
FindResourceA
CloseHandle
ExitProcess
GetStartupInfoA

user32

EndDialog
DialogBoxParamA
GetDlgItemTextA

comdlg32

GetSaveFileNameA

msvcp60

?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

wininet

HttpOpenRequestA
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetSetOptionA

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_itoa
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
memmove
__CxxFrameHandler
strstr
atoi
free
__dllonexit
_onexit
_exit
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yhws-15.exe
.exe windows:4 windows x86 arch:x86

d961cb5d21460427b385325e92ad126b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comdlg32

GetSaveFileNameA

kernel32

AddAtomA
CloseHandle
CreateFileA
DeleteFileA
ExitProcess
FindAtomA
FindResourceA
GetAtomNameA
GetModuleHandleA
GetPrivateProfileStringA
LoadResource
LockResource
SetFilePointer
SetUnhandledExceptionFilter
SizeofResource
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrlenW

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_controlfp
_fileno
_fmode
_fpreset
_iob
_onexit
_setmode
abort
atexit
exit
fprintf
free
localtime
malloc
memmove
memset
realloc
signal
strlen
time

user32

CallNextHookEx
DialogBoxParamA
EndDialog
GetClientRect
GetDlgItem
GetWindowTextA
LoadIconA
SendMessageA
SetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

343b3e25e7d06cc939e57e161c2f6a9a

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

msvcp60

wininet

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 52KB - Virtual size: 50KB

d961cb5d21460427b385325e92ad126b

Headers

File Characteristics

Imports

comdlg32

kernel32

msvcrt

user32

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 320B

.rdata Size: 512B - Virtual size: 304B

.bss Size: - Virtual size: 21KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 52KB - Virtual size: 50KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 320B

.rdata
Size: 512B - Virtual size: 304B

.bss
Size: - Virtual size: 21KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 48KB