171fef1935717064a056d5cb1bdba552_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

171fef1935717064a056d5cb1bdba552_JaffaCakes118
Size

7.3MB
MD5

171fef1935717064a056d5cb1bdba552
SHA1

a5ea3d5f9673c936f6f8007ec58c26b274a21474
SHA256

840f75e27fcc7f37c83848e078c93b08d2e136d84e2cff1194a7ab8fefcf53fc
SHA512

edcf87bfb7237a9ff9ded213811a2b0a62d0f767b316cee0fe513cb840564f76085aab88cee0dd55da02f3996e40b013b045d9a58dd5a28495d7b1da317cbeca
SSDEEP

196608:Jn5CIVmb8u9oBSrtw0iRXaoG6WtLyaou8Qa6PL4gOm:J5CIVdvsyfqsIL8u7l

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Setup.exe
unpack003/run.exe
unpack004/Setup.exe

Files

171fef1935717064a056d5cb1bdba552_JaffaCakes118
.zip
.version
GnuCache.net
WebCache.net
names/3324.zip.nms
names/3325.zip.nms
names/3326.rar.nms
names/3327.mov.nms
names/3328.mov.kws
names/3328.mov.nms
names/3329.mov.nms
names/3330.torrent.nms
names/3331.torrent.nms
templates/3324.zip
.zip
Checked by SiteAdvisor.com.txt
Downloaded from Torrentcafe.com.txt
FILE_ID.DIZ
Setup.exe
.exe windows:5 windows x86 arch:x86

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

tree_peek_ndr
char_from_ndr
char_array_from_ndr
UuidCompare
RpcSsGetContextBinding
RpcSsEnableAllocate
RpcSmClientFree
RpcServerUseProtseqIfA
CStdStubBuffer_Disconnect
RpcServerUseProtseqEpExA
RpcNetworkInqProtseqsA
MIDL_wchar_strcpy
DceErrorInqTextA
CStdStubBuffer_QueryInterface

ntdll

RtlSplay
RtlNtStatusToDosError
RtlSetInformationAcl
RtlUnwind
RtlpWaitForCriticalSection
ZwDelayExecution
ZwExtendSection
NtSetThreadExecutionState
NtMapUserPhysicalPagesScatter
DbgUiConnectToDbg
NtStartProfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA

crtdll

wcstombs
setbuf
iswdigit
iswalnum
_ltow
_j0
_ismbcprint
_chsize
_ecvt
_exit
_fdopen
_finite
_getdrive

userenv

DestroyEnvironmentBlock
FreeGPOListW
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW
GetAppliedGPOListW
EnterCriticalPolicySection

kernel32

lstrcpynA
WriteProcessMemory
WritePrivateProfileStructW
WritePrivateProfileSectionW
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
UnregisterWaitEx
SetVolumeMountPointA
SetLastError
SetEnvironmentVariableA
OpenMutexA
MoveFileW
HeapAlloc
Heap32ListNext
GlobalUnWire
GlobalDeleteAtom
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetTimeZoneInformation
GetSystemTime
GetPrivateProfileStringA
GetNumberFormatA
GetCommandLineA
GetBinaryTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeW
ExitProcess
CreateFileMappingW
CreateDirectoryW
BuildCommDCBA

Exports

Exports

HxgrzqzF
Raxrwzwb
WEwVi
aJNtd
bOjsx
gInKCxt
iNqphqr
lNbut
lwigbhz
nWsLtr
pmqhtjnS
qiivWkLf
scqNeYMu
tlfTr
vlsYvkm

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ViKiNG.nfo
templates/3325.zip
.zip
Checked by SiteAdvisor.com.txt
Downloaded from Torrentcafe.com.txt
FILE_ID.DIZ
ViKiNG.nfo
run.exe
.exe windows:5 windows x86 arch:x86

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

tree_peek_ndr
char_from_ndr
char_array_from_ndr
UuidCompare
RpcSsGetContextBinding
RpcSsEnableAllocate
RpcSmClientFree
RpcServerUseProtseqIfA
CStdStubBuffer_Disconnect
RpcServerUseProtseqEpExA
RpcNetworkInqProtseqsA
MIDL_wchar_strcpy
DceErrorInqTextA
CStdStubBuffer_QueryInterface

ntdll

RtlSplay
RtlNtStatusToDosError
RtlSetInformationAcl
RtlUnwind
RtlpWaitForCriticalSection
ZwDelayExecution
ZwExtendSection
NtSetThreadExecutionState
NtMapUserPhysicalPagesScatter
DbgUiConnectToDbg
NtStartProfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA

crtdll

wcstombs
setbuf
iswdigit
iswalnum
_ltow
_j0
_ismbcprint
_chsize
_ecvt
_exit
_fdopen
_finite
_getdrive

userenv

DestroyEnvironmentBlock
FreeGPOListW
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW
GetAppliedGPOListW
EnterCriticalPolicySection

kernel32

lstrcpynA
WriteProcessMemory
WritePrivateProfileStructW
WritePrivateProfileSectionW
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
UnregisterWaitEx
SetVolumeMountPointA
SetLastError
SetEnvironmentVariableA
OpenMutexA
MoveFileW
HeapAlloc
Heap32ListNext
GlobalUnWire
GlobalDeleteAtom
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetTimeZoneInformation
GetSystemTime
GetPrivateProfileStringA
GetNumberFormatA
GetCommandLineA
GetBinaryTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeW
ExitProcess
CreateFileMappingW
CreateDirectoryW
BuildCommDCBA

Exports

Exports

GpYqcJd
Oehgi
ahorrt
bxqshixs
doeJu
gHzngWkd
hmvkbld
hrRotpa
jihmOc
kugux
nCvUcgns
qkyssmmv
qmuxfu
qohmp
vbkbqmPm

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
templates/3326.rar
.rar
Checked by SiteAdvisor.com.txt
Downloaded from Torrentcafe.com.txt
FILE_ID.DIZ
Setup.exe
.exe windows:5 windows x86 arch:x86

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

tree_peek_ndr
char_from_ndr
char_array_from_ndr
UuidCompare
RpcSsGetContextBinding
RpcSsEnableAllocate
RpcSmClientFree
RpcServerUseProtseqIfA
CStdStubBuffer_Disconnect
RpcServerUseProtseqEpExA
RpcNetworkInqProtseqsA
MIDL_wchar_strcpy
DceErrorInqTextA
CStdStubBuffer_QueryInterface

ntdll

RtlSplay
RtlNtStatusToDosError
RtlSetInformationAcl
RtlUnwind
RtlpWaitForCriticalSection
ZwDelayExecution
ZwExtendSection
NtSetThreadExecutionState
NtMapUserPhysicalPagesScatter
DbgUiConnectToDbg
NtStartProfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA

crtdll

wcstombs
setbuf
iswdigit
iswalnum
_ltow
_j0
_ismbcprint
_chsize
_ecvt
_exit
_fdopen
_finite
_getdrive

userenv

DestroyEnvironmentBlock
FreeGPOListW
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW
GetAppliedGPOListW
EnterCriticalPolicySection

kernel32

lstrcpynA
WriteProcessMemory
WritePrivateProfileStructW
WritePrivateProfileSectionW
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
UnregisterWaitEx
SetVolumeMountPointA
SetLastError
SetEnvironmentVariableA
OpenMutexA
MoveFileW
HeapAlloc
Heap32ListNext
GlobalUnWire
GlobalDeleteAtom
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetTimeZoneInformation
GetSystemTime
GetPrivateProfileStringA
GetNumberFormatA
GetCommandLineA
GetBinaryTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeW
ExitProcess
CreateFileMappingW
CreateDirectoryW
BuildCommDCBA

Exports

Exports

afgyr
ladHD
mxxkx
rmsWkepq
vrxkn
xvzxg
znyVnm

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ViKiNG.nfo
templates/3327.mov
templates/3328.mov
templates/3329.mov
templates/3330.torrent
templates/3331.torrent

Sharing

General

Malware Config

Signatures

Files

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

Imports

rpcrt4

ntdll

version

crtdll

userenv

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 26KB - Virtual size: 26KB

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

Imports

rpcrt4

ntdll

version

crtdll

userenv

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 26KB - Virtual size: 26KB

357990f33d6e0c05281b756448fa2619

Headers

File Characteristics

Imports

rpcrt4

ntdll

version

crtdll

userenv

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 26KB - Virtual size: 26KB