17cc3767e143a709e1ed12d123149dfe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17cc3767e143a709e1ed12d123149dfe_JaffaCakes118
Size

448KB
MD5

17cc3767e143a709e1ed12d123149dfe
SHA1

1cc293c135840dd62c9873413fae2da2827626c9
SHA256

a20871a7177466685a051f2e764853f5ea345e9b6e41548cbae2371bb0234a02
SHA512

5557503ab4fb96a42ef2262613de1791621faf5d5bf676ffafd7e3a3cab1b7acfe50a73874fcf5f5cde2ac96ed9f905b25f74a8f92e1f2f692bd17c5b3b6643c
SSDEEP

6144:oqZE27FtBAuQPn73MPmWeJJBfnfhj2DUPEBvek1ao+:oZ277beJfvMW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17cc3767e143a709e1ed12d123149dfe_JaffaCakes118

Files

17cc3767e143a709e1ed12d123149dfe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

811e4565360c19e2036a5a8347cf3687

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Proj\ShinySummerDays\野球拳\Installer_Win\Release\Installer_Win.pdb

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
Sleep
CreateDirectoryA
ReleaseMutex
GetLastError
CreateMutexA
RemoveDirectoryA
DeleteFileA
FindNextFileA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SetStdHandle
GetPrivateProfileStringA
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
LoadLibraryA
SetFilePointer
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
SetFileAttributesA
CopyFileA
CreateProcessA
CloseHandle
SetErrorMode
FindFirstFileA
FindClose
GetCPInfo
GetDiskFreeSpaceExA
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FlushFileBuffers
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
RtlUnwind
RaiseException
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter

user32

EnableWindow
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
ShowWindow
LoadImageA
LoadCursorA
RegisterClassA
DestroyIcon
DestroyWindow
DefWindowProcA
InvalidateRect
GetWindowRect
GetSystemMetrics
SetWindowPos
EndDialog
GetParent
DialogBoxParamA
UpdateWindow
GetDlgItem
SetWindowTextA
MessageBoxA
SendMessageA
PostQuitMessage

gdi32

GetStockObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

811e4565360c19e2036a5a8347cf3687

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 388KB - Virtual size: 385KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 388KB - Virtual size: 385KB