173d6a0f4b13c47839ef2e94486c3a6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

173d6a0f4b13c47839ef2e94486c3a6a_JaffaCakes118
Size

6.6MB
MD5

173d6a0f4b13c47839ef2e94486c3a6a
SHA1

2fc8bcb4f4a12097b8bdcf8128596dbfbc15a07d
SHA256

dba6878ec77b47c7602039b3984fe17e06d3be94da34d04a8621157249338fb1
SHA512

e70f8d5dddf72ad94784cadbcb0e82f4631f32e0020188a35fa95f99d913a1235deca9e195fea544521805d029ebf55efc5f1a513b5880acb5b03a23f19b84ce
SSDEEP

196608:2pojBm4Zgb0p7m5OM/9gTLDYLOhK1e0zuXFtWGE1:dm4ZxonWLDYLqCzu1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca_setup.exe

Files

173d6a0f4b13c47839ef2e94486c3a6a_JaffaCakes118
.rar
ca_setup.exe
.exe windows:4 windows x86 arch:x86

80e39e4a5aae5758f11c19884114f191

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
_lopen
_lcreat
lstrcpyA
GetProcAddress
_lclose
lstrlenA
GetWindowsDirectoryA
GlobalHandle
_lwrite
_llseek
FreeLibrary
WinExec
GlobalFree
_lread
GlobalUnlock
GetModuleFileNameA
SetErrorMode
GlobalLock
GetLastError
GetCurrentProcess
WriteFile
GetStdHandle
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
GlobalAlloc
DeleteFileA
FreeEnvironmentStringsA
GetEnvironmentStrings
RtlUnwind
VirtualAlloc
UnhandledExceptionFilter
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
FreeEnvironmentStringsW
VirtualFree
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion

user32

ExitWindowsEx
LoadCursorA
MessageBoxA
RegisterClassA
SetWindowPos
LoadIconA
UpdateWindow
ShowWindow
ReleaseDC
wsprintfA
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcA
SendMessageA
InvalidateRect
GetClientRect
CreateWindowExA
GetDC

gdi32

DeleteObject
GetDeviceCaps
RealizePalette
GetStockObject
SelectObject
PatBlt
SelectPalette
CreatePalette
CreateSolidBrush

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 937B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

80e39e4a5aae5758f11c19884114f191

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 1024B - Virtual size: 937B

.data Size: 5KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 924B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 1024B - Virtual size: 937B

.data
Size: 5KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 924B

.reloc
Size: 2KB - Virtual size: 1KB