02ddd83ef459a836d7784579fe2e940d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02ddd83ef459a836d7784579fe2e940d_JaffaCakes118
Size

850KB
MD5

02ddd83ef459a836d7784579fe2e940d
SHA1

ccf1d667ab91d6693ac9732e22b492e123f600c2
SHA256

87474fe597255a70149f19628d2e380cd444b717e54046a3bcd582639964f0fb
SHA512

914835e3ec1a93c869dc8d2a2b844098560b98cdd8ca9c84b682df1700f0721638a4a9b9f48fe2e0d398e8f4c707506b35abfffcdbd5a9373e72e57a7d7288e0
SSDEEP

24576:q1qYE45MVhyAClYPZ1/mRZt2GeyYSgWItvRWa:qS45MV0rlYvmzt2rRtJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen/keygen.exe
unpack001/setup.exe

Files

02ddd83ef459a836d7784579fe2e940d_JaffaCakes118
.rar
155绿色软件站.url
.url
License.rtf
.rtf
VMonSetup.msi
.msi
Vmon Help.rtf
.rtf
keygen/keygen.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\blubb\documents\visual studio 2010\Projects\VMon\VMon\obj\x86\Release\VMon.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:5 windows x86 arch:x86

784112ee3c1da4bbf1f4ee95a0d306fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

CreateFileW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
SetFilePointer
HeapSetInformation
CreateEventA
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceA
GetVersionExA
CompareStringA
GetFileAttributesA
GetModuleFileNameA
DeleteFileA
MultiByteToWideChar
GetTempPathA
LocalFree
FormatMessageA
GetTimeFormatA
GetDateFormatA
CreateDirectoryA
CopyFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
GetCurrentProcess
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
Sleep
GetDiskFreeSpaceExA
IsValidCodePage
EndUpdateResourceA
DeleteCriticalSection
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrlenW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetTickCount
FindFirstFileA
FindNextFileA
GetTempFileNameA
FindClose
GetProcessHeap
UpdateResourceA
BeginUpdateResourceA
LoadLibraryA
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEndOfFile
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
HeapAlloc
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetLastError
GetProcAddress
FreeLibrary
WriteFile
LocalAlloc
InterlockedExchange
RaiseException
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter

gdi32

GetStockObject
GetObjectA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A

ole32

CoInitialize
CoUninitialize

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA
ShellExecuteExA

user32

ShowScrollBar
GetClientRect
SetClassLongA
LoadCursorA
SetCursor
SetWindowTextA
CreateDialogIndirectParamA
CreateDialogParamA
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
ScreenToClient
MoveWindow
LoadImageA
SetDlgItemTextA
SendMessageA
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SendDlgItemMessageA
GetWindowRect
SystemParametersInfoA
ExitWindowsEx
CharNextA
MessageBoxA
DrawTextW
GetSystemMetrics
GetDC
GetDialogBaseUnits
ReleaseDC
MessageBoxW
LoadIconA

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ver.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 197KB - Virtual size: 197KB

.sdata Size: 512B - Virtual size: 140B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

784112ee3c1da4bbf1f4ee95a0d306fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

ole32

shell32

user32

Sections

.text Size: 291KB - Virtual size: 290KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 197KB - Virtual size: 197KB

.sdata
Size: 512B - Virtual size: 140B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 291KB - Virtual size: 290KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 17KB - Virtual size: 16KB