f:\Workspace\Deployment\dotnetinstaller\dotNetInstaller\Release\dotNetInstaller.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: FreeRARExtractor/FreeRARExtractor_setup.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: FreeRARExtractor/FreeRARExtractor_setup.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral3
  Sample: FreeRARExtractor/lpk.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: FreeRARExtractor/lpk.dll
  Resource: win10v2004-20240508-en
Behavioral task: behavioral5
  Sample: FreeRARExtractor/下载银行-提供免费绿色软件下载.url
  Resource: win7-20240221-en
Behavioral task: behavioral6
  Sample: FreeRARExtractor/下载银行-提供免费绿色软件下载.url
  Resource: win10v2004-20240426-en
General
Target: 93e8a9667dd5a97330b175c5d22b37fe_JaffaCakes118
Size: 5.2MB
MD5: 93e8a9667dd5a97330b175c5d22b37fe
SHA1: 19579e58eab6b3ceae75cff6499569cac65e2a80
SHA256: d4ad0e53c0c81f95947d5b83370a11090dabd018f32f0d7a96abc0eaf95c420c
SHA512: 105cf59590c6646918ff24efa872bf62a42f525f52bf3371044a26345ef983d67171af541324fe09fb133411c5e16e406215abe924396f00c01ce1a52c099e2f
SSDEEP: 98304:/TrsPpz0LXLt0MtWdTt+u9lxs5nXWguyNvK0dGdR6vjUR7MVcAJQHi/20PKiqhW:gpILXBhtaTtn9lxsNXqyNv4EjUqVcAJ3
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/FreeRARExtractor/FreeRARExtractor_setup.exe unpack001/FreeRARExtractor/lpk.dll
Files
-
93e8a9667dd5a97330b175c5d22b37fe_JaffaCakes118.rar
-
FreeRARExtractor/FreeRARExtractor_setup.exe.exe windows:5 windows x86 arch:x86
53b9da5720877407518c17b160260da7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetLastError
GetModuleHandleA
InterlockedExchange
CompareStringA
LoadLibraryA
FreeLibrary
Sleep
WaitForSingleObject
MulDiv
CloseHandle
InterlockedIncrement
InterlockedDecrement
LoadResource
LockResource
SizeofResource
InterlockedCompareExchange
SetEnvironmentVariableA
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetStringTypeA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
LCMapStringA
VirtualAlloc
GetOEMCP
GetACP
QueryPerformanceCounter
VirtualFree
SetFilePointer
WriteFile
GetCurrentThreadId
FindResourceA
GetCommandLineW
GetCurrentProcessId
TlsGetValue
TlsSetValue
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetLastError
ResumeThread
GetCurrentProcess
GetExitCodeProcess
LocalFree
ReadFile
GetModuleFileNameA
GetSystemInfo
GetSystemDefaultLCID
GetUserDefaultLCID
FindClose
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalUnlock
GlobalLock
GetVersionExA
GlobalDeleteAtom
FreeResource
GlobalAlloc
GlobalFree
SetThreadPriority
SetEvent
SuspendThread
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
LocalReAlloc
TlsFree
lstrlenA
FlushFileBuffers
SetEndOfFile
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
RaiseException
RtlUnwind
ExitProcess
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
user32
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
IsWindowVisible
SetForegroundWindow
SetMenu
GetKeyState
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
SetFocus
GetWindowPlacement
SendDlgItemMessageA
MoveWindow
ShowWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
WindowFromPoint
ValidateRect
GetActiveWindow
TranslateMessage
InflateRect
GetDesktopWindow
DestroyMenu
GetSysColorBrush
GetWindow
GetSubMenu
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
ExitWindowsEx
CopyRect
PostQuitMessage
GetCursorPos
GetFocus
IsRectEmpty
GetClientRect
InvalidateRect
FillRect
DrawFocusRect
GetDC
ReleaseDC
IsIconic
UnhookWindowsHookEx
EndDialog
ReleaseCapture
IsWindow
RedrawWindow
SetTimer
GetSysColor
OffsetRect
KillTimer
GetParent
PtInRect
SetCapture
SetWindowPlacement
GetDlgCtrlID
GetMenu
SetWindowPos
GetWindowThreadProcessId
SystemParametersInfoA
CallNextHookEx
GetNextDlgTabItem
GetWindowRect
SetCursor
SetRect
UpdateWindow
DrawIcon
GetSystemMetrics
GetCapture
gdi32
SetBkMode
SetBkColor
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
GetCurrentObject
SetPixel
BitBlt
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
Rectangle
RestoreDC
SaveDC
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
DeleteObject
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
shell32
SHGetFolderPathW
ord680
SHGetMalloc
comctl32
_TrackMouseEvent
ord17
shlwapi
PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
ole32
CoCreateGuid
StringFromGUID2
IIDFromString
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
urlmon
URLDownloadToFileW
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
GetTokenInformation
DuplicateToken
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
winspool.drv
ClosePrinter
msi
ord45
ord205
ord70
Sections
.text Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FreeRARExtractor/lpk.dll.dll windows:5 windows x86 arch:x86
00c5fd00087020a0645079ce30f4148b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
user32
wsprintfW
shell32
ord64
ord92
shlwapi
SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW
Exports
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 494B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FreeRARExtractor/下载银行-提供免费绿色软件下载.url.url
-
FreeRARExtractor/下载银行.txt