0f7b4a483061523cccff05c7b45168ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f7b4a483061523cccff05c7b45168ab_JaffaCakes118
Size

7.8MB
MD5

0f7b4a483061523cccff05c7b45168ab
SHA1

128393497211754276d4f25d1d701174c4cecb60
SHA256

ebf7e5e6fd358da98f8070d3b5d3ed92841550b654d1a1a1dddf7d84ac4d0833
SHA512

11d709bd62f687d601427be7e63fa4a1e4514e7985343947bb04e5eaaf0feb07a163498ab3405d8952a2a1aec46c0cf439ea792024a0351c6e9c1c5f84672da5
SSDEEP

196608:JCabXvr/9/hKHvA0C0lS1q/oqzRBIEJ5WoOwJpJ9OBG95xmYAraodFL8B:7hUHvZmDqIE6oOIpi2ArlLK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.Exe

Files

0f7b4a483061523cccff05c7b45168ab_JaffaCakes118
.rar
Access2MySQLPro_5.7.1.msi
.msi
Setup.Exe
.exe windows:4 windows x86 arch:x86

16565ac95a428f6ccd17d07d629c1a8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msiloadr.pdb

Imports

oleaut32

VarUI4FromStr
SysAllocStringLen
GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString

ole32

OleRun
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

kernel32

lstrcmpA
CloseHandle
CreateFileA
Sleep
SetLastError
GetTickCount
GetPrivateProfileStringA
GetModuleFileNameA
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
WideCharToMultiByte
lstrlenW
IsBadReadPtr
GetProcAddress
WriteFile
ReadFile
DeleteFileW
SetErrorMode
LoadLibraryExA
MultiByteToWideChar
LoadResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
GetUserDefaultLCID
GetEnvironmentVariableA
GetVersion
CreateFileW
FindResourceW
GlobalAlloc
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
LoadLibraryExW
GetLocaleInfoA
InterlockedExchange
LocalFree
GetTempFileNameA
GetTempPathA
GlobalFree
CreateMutexA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
HeapSize
IsBadWritePtr
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
RtlUnwind
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
GetACP
FlushFileBuffers
SetFilePointer
IsBadCodePtr

user32

LoadStringA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
CharNextA

shell32

ShellExecuteA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.Ini
WhatsNew.txt
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

16565ac95a428f6ccd17d07d629c1a8c

Headers

File Characteristics

PDB Paths

Imports

oleaut32

ole32

kernel32

user32

shell32

version

advapi32

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 3KB