00198544a499bbbe8dd41cda7a40e39b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00198544a499bbbe8dd41cda7a40e39b_JaffaCakes118
Size

3.3MB
MD5

00198544a499bbbe8dd41cda7a40e39b
SHA1

f1336d8d67a4407dffbe74be28bafa31a07c907c
SHA256

ce12dfed114727aa6344aabee24e108469c41d71f81ca49da438c66534968add
SHA512

f2307a5ab53c44a65db88d829c9bcb80a2bde679aaf637d6e330a55d95f709e1fc6da66760c0bdd9518ff98556943943e0f42f15f5608b1d2910147158027008
SSDEEP

98304:mAk5LLSW6GJ5UbUuaoQk13BIk33nNH2gZ/euRXOFcV:nULH5JGbhhQKCIXp1/JRXDV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keymaker/Keymaker.exe
unpack001/ismpr23887.exe

Files

00198544a499bbbe8dd41cda7a40e39b_JaffaCakes118
.rar
Keymaker/Keymaker.exe
.exe windows:4 windows x86 arch:x86

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileSectionA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

ARN
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oWnZ
Size: 143KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

every1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

in
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0day
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

world!
Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ismpr23887.exe
.exe windows:4 windows x86 arch:x86

32726bf41d53aa35424030983f9b5439

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
ReadFile
CreateDirectoryA
GetPrivateProfileStringA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
DeleteFileA
FreeLibrary
GetTempFileNameA
LoadLibraryA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcmpA
IsDBCSLeadByte
LockResource
LoadResource
FormatMessageA
GetLastError
CreateProcessA
WaitForSingleObject
GetStartupInfoA
RemoveDirectoryA
FindNextFileA
ExitProcess
MulDiv
GetSystemDefaultLCID
GetModuleFileNameA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetShortPathNameA
MoveFileExA
lstrcatA
GetFileAttributesA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
GetDiskFreeSpaceA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
FindResourceA
CompareStringA
lstrcpynA
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
GetFileType
FlushFileBuffers
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
GetModuleHandleA
HeapFree
HeapAlloc

user32

wsprintfA
GetWindowLongA
TranslateMessage
DispatchMessageA
LoadStringA
FindWindowExA
SendMessageA
SetWindowTextA
GetWindowTextA
GetWindow
GetParent
EndDialog
SetDlgItemTextA
SendDlgItemMessageA
CharNextA
IsCharAlphaA
CharNextExA
GetDesktopWindow
GetDlgItemTextA
KillTimer
EnableWindow
SetTimer
PostMessageA
SetFocus
CreateDialogParamA
DestroyWindow
GetDlgItem
GetDC
ReleaseDC
ScreenToClient
SetWindowLongA
CreateWindowExA
GetWindowRect
SystemParametersInfoA
GetClientRect
SetWindowPos
GetSysColor
MessageBeep
GetClassNameA
DialogBoxParamA
MessageBoxA
PeekMessageA
MapWindowPoints

gdi32

CreateFontIndirectA
TextOutA
SetTextColor
SelectObject
SetBkMode
GetTextExtentPointA
GetDeviceCaps
GetObjectA
DeleteObject

comctl32

ord17
PropertySheetA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

Imports

kernel32

Sections

ARN Size: - Virtual size: 196KB

oWnZ Size: 143KB - Virtual size: 148KB

every1 Size: 4KB - Virtual size: 8KB

in Size: 39KB - Virtual size: 60KB

0day Size: 6KB - Virtual size: 6KB

world! Size: 6KB - Virtual size: 27KB

32726bf41d53aa35424030983f9b5439

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

advapi32

shell32

lz32

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 13KB - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 36KB - Virtual size: 35KB

ARN
Size: - Virtual size: 196KB

oWnZ
Size: 143KB - Virtual size: 148KB

every1
Size: 4KB - Virtual size: 8KB

in
Size: 39KB - Virtual size: 60KB

0day
Size: 6KB - Virtual size: 6KB

world!
Size: 6KB - Virtual size: 27KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 13KB - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 36KB - Virtual size: 35KB