043dc8d88c1e3504e46d1fe5c529b7c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

043dc8d88c1e3504e46d1fe5c529b7c5_JaffaCakes118
Size

437KB
MD5

043dc8d88c1e3504e46d1fe5c529b7c5
SHA1

f2b27940ba276a328cac99b4bf28cd04cccbf530
SHA256

61a60147a135fc3de1b1fc906cd66cfe2bb56bb47d7b60e7936a7908812d63c4
SHA512

a01d2c42c44357fc47736a54c63ce5685c0a87a5454cf9ba4387d034ff618714774e201beb1d6896f47087135f84902ed668bce9086776fec422b2f46cf50329
SSDEEP

12288:/6wa5eT6Cz6Y0WnNMJkiPNgFR3VHYzepR:/6waIpcWnNVEgFJV4ypR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Recover4all.Pro.exe

Files

043dc8d88c1e3504e46d1fe5c529b7c5_JaffaCakes118
.rar
Recover4all.Pro.exe
.exe windows:4 windows x86 arch:x86

7ddc8a0c20627fd4913ab93f34b77aff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
FindExecutableA

user32

SetForegroundWindow
EndDialog
DefWindowProcA
GetWindowWord
SetWindowWord
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
RegisterClassA
OemToCharBuffA
LoadCursorA
CharUpperBuffA
GetLastActivePopup
ShowWindow
PostMessageA
SendMessageA
EnableWindow
DestroyWindow
SetWindowTextA
SetActiveWindow
SetTimer
KillTimer
DialogBoxIndirectParamA
GetDlgItemTextA
SetWindowPos
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA
SetCursor
CharNextA
GetWindowRect
GetSystemMetrics

kernel32

CreateDirectoryA
GetVolumeInformationA
_lclose
GlobalFree
RtlUnwind
GetCommandLineA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpiA
GetWindowsDirectoryA
GetEnvironmentVariableA
LocalAlloc
LocalFree
GlobalHandle
GlobalUnlock
_lopen
GlobalAlloc
GlobalLock
WinExec
_llseek
GetDriveTypeA
_lread
_lwrite
lstrlenA
lstrcatA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lcreat
lstrcpyA

gdi32

SetTextAlign
SetBkColor
SetTextColor
DeleteObject
GetBkColor
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

advapi32

RegQueryValueA

comctl32

ord17

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7ddc8a0c20627fd4913ab93f34b77aff

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

comctl32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 28KB - Virtual size: 25KB

_winzip_ Size: 416KB - Virtual size: 416KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 25KB

_winzip_
Size: 416KB - Virtual size: 416KB