a1f2548b01ead62db1d638a848bc863a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1f2548b01ead62db1d638a848bc863a_JaffaCakes118
Size

730KB
MD5

a1f2548b01ead62db1d638a848bc863a
SHA1

23f22a7c8070c9f9d693acff615bc2175ec571cc
SHA256

8025242ee62d61f38049930aa1b1a62acf7099effa075aafac63c1f201eca929
SHA512

97470ac2dbf9c3c7dd18b58b7e32625fbc88cb53fe495adf11b7086e81895db00b6cb67540bf338887f488880260bd5a140dc10e586933f0d8515e3210b19095
SSDEEP

12288:Xcy779OwQLi42HVGSHHsN+B2gkNBHKqQaFqnIfVVwRQtW9RZ31b2YdupfUo1ur:P/1Q5unU+B2gQqraFY6jwYIFb2Y4pJ1A

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Screen2SWF/Player.exe
unpack001/Screen2SWF/Screen2SWF.exe
unpack001/Screen2SWF/mp3enc.dll

Files

a1f2548b01ead62db1d638a848bc863a_JaffaCakes118
.rar
173绿色软件.url
173软件下载.txt
Screen2SWF/Player.exe
.exe windows:4 windows x86 arch:x86

4ab890ce5bd8538138c32e6e21364435

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutOpen
waveOutPause
waveOutClose
waveOutReset

mfc42

ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord4376
ord2379
ord2754
ord6197
ord6380
ord2864
ord4710
ord6157
ord4317
ord2380
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord1775
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord3663
ord2414
ord1134
ord3619
ord1146
ord1168
ord2086
ord2256
ord755
ord470
ord800
ord3499
ord2515
ord355
ord1576
ord2859
ord4133
ord4297
ord537
ord5875
ord1641
ord2753
ord3920
ord6215
ord4224
ord4299
ord3584
ord543
ord803
ord6307
ord4167
ord521
ord823
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord2726
ord4226
ord1175
ord2860
ord4078
ord6052
ord2514
ord4998
ord5265
ord825
ord5731
ord2567

msvcrt

fopen
fwrite
malloc
free
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fseek
ftell
fread
fclose
sprintf
_ftol
rand
__CxxFrameHandler
_setmbcp
_stricmp

kernel32

Sleep
GetStartupInfoA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetTickCount

user32

GetClientRect
GetDesktopWindow
EnableWindow
LoadIconA
SendMessageA
DrawIcon
GetSystemMetrics
IsIconic
RedrawWindow
PostThreadMessageA
ReleaseDC
GetDC
DrawIconEx
GetIconInfo
OffsetRect
ReleaseCapture
SetCapture
PtInRect
ClientToScreen
GetWindowRect
SetCursor
ScreenToClient
GetCursorPos
LoadCursorA
CopyRect
PostMessageA
IsWindowVisible

gdi32

GetBitmapBits
CreateFontA
GetTextExtentPoint32A
StretchDIBits

Exports

Exports

??0CTPImage@@QAE@ABV0@@Z
??0CTPImage@@QAE@XZ
??1CTPImage@@UAE@XZ
??4CPixel@@QAEAAU0@ABU0@@Z
??4CTPImage@@QAEAAV0@ABV0@@Z
??8CPixel@@QAEHU0@@Z
??9CPixel@@QAEHU0@@Z
??GCPixel@@QAEHU0@@Z
??YCPixel@@QAEXH@Z
??ZCPixel@@QAEXH@Z
??_7CTPImage@@6B@
?BuildGrayChannel@CTPImage@@QAEKXZ
?ChannelFrom@CTPImage@@QAEHPAVCTPChannel@@H@Z
?ComputeLaplasToAlpha@CTPImage@@QAEXXZ
?Create@CTPImage@@QAEJII@Z
?CreateNewInstance@CTPImage@@SAPAV1@XZ
?DuplicateFrom@CTPImage@@QAEHPAV1@@Z
?Free@CTPImage@@QAEXXZ
?GetAreaByteSize@CTPImage@@QAEIXZ
?GetAveragePixel@CTPImage@@QAE?AUCPixel@@XZ
?GetBuffer@CTPImage@@QAEPAUCPixel@@HH@Z
?GetGray2@CPixel@@QAEEXZ
?GetGray@CPixel@@QAEEXZ
?GetPixel2@CTPImage@@QAE?AUCPixel@@HH@Z
?GetPixel@CTPImage@@QAEKHH@Z
?GetSafePixel@CTPImage@@QAE?AUCPixel@@HH@Z
?GetSize@CTPImage@@QAEXAAI0@Z
?LoadFromFile@CTPImage@@QAEJPAD@Z
?PutPixel@CTPImage@@QAEXHHUCPixel@@@Z
?SaveToFile@CTPImage@@QAEJPAD@Z

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Screen2SWF/Screen2SWF.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 278KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Screen2SWF/mp3enc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beFlushNoGap
beInitStream
beVersion
beWriteInfoTag
beWriteVBRHeader
lame_close
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_in_samplerate
lame_get_num_channels
lame_get_num_samples
lame_get_out_samplerate
lame_get_scale
lame_get_scale_left
lame_get_scale_right
lame_init
lame_init_params
lame_mp3_tags_fid
lame_set_in_samplerate
lame_set_num_channels
lame_set_num_samples
lame_set_out_samplerate
lame_set_scale
lame_set_scale_left
lame_set_scale_right

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Screen2SWF/pics/Thumbs.db
Screen2SWF/pics/arrow_e.png
.png
Screen2SWF/pics/arrow_n.png
.png
Screen2SWF/pics/arrow_ne.png
.png
Screen2SWF/pics/arrow_nw.png
.png
Screen2SWF/pics/arrow_s.png
.png
Screen2SWF/pics/arrow_se.png
.png
Screen2SWF/pics/arrow_sw.png
.png
Screen2SWF/pics/arrow_w.png
.png
Screen2SWF/pics/cloud1.png
.png
Screen2SWF/pics/cloud2.png
.png
Screen2SWF/pics/frame_black.png
.png
Screen2SWF/pics/frame_black_dot.png
.png
Screen2SWF/pics/frame_red.png
.png
Screen2SWF/pics/frame_red_dot.png
.png
Screen2SWF/pics/frame_white.png
.png
Screen2SWF/pics/frame_white_dot.png
.png
Screen2SWF/skin/Thumbs.db
Screen2SWF/skin/captip.png
.png
Screen2SWF/skin/clip1.jpg
.jpg
Screen2SWF/skin/clip2.jpg
.jpg
Screen2SWF/skin/edit.jpg
.jpg
Screen2SWF/skin/film.jpg
.jpg
Screen2SWF/skin/screen2swf.png
.png
Screen2SWF/skin/selectstep.png
.png
Screen2SWF/skin/start.png
.png
Screen2SWF/skin/steps.png
.png
Screen2SWF/skin/titleright.png
.png

Sharing

General

Malware Config

Signatures

Files

4ab890ce5bd8538138c32e6e21364435

Headers

File Characteristics

Imports

winmm

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 20KB - Virtual size: 17KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 278KB - Virtual size: 916KB

.rsrc Size: 13KB - Virtual size: 16KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 333KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 48KB - Virtual size: 248KB

.data1 Size: 36KB - Virtual size: 35KB

_DATA Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 278KB - Virtual size: 916KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 336KB - Virtual size: 333KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 48KB - Virtual size: 248KB

.data1
Size: 36KB - Virtual size: 35KB

_DATA
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 13KB