18af09fe0c71e5701b6f69da6acbbe3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18af09fe0c71e5701b6f69da6acbbe3b_JaffaCakes118
Size

665KB
MD5

18af09fe0c71e5701b6f69da6acbbe3b
SHA1

2703920ef65b81bc1b09ac884995244e4e5f3aee
SHA256

c5d33ee08373d1207fe0a16530f6e07010be08193593e00b9018b465f2f8babc
SHA512

19d1a7b56a16dc12f33ce63e20e7086a87b9a5256577641fb17384ef20f8acba0c36f0b16b24fb2bdd1b6c33ecc7072c8b00cdd5cebd918952c32f0e8d433991
SSDEEP

12288:NjFvJtsPWd1f/7F6UhsNw7+eKC5PdSGYBfYUAR2KPKU+geCdTwLHy1Xh3175B7U/:NjNwP07cUwW9KChdS9iaKPKbWdQHe354

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Screen2Exe/Player.exe
unpack001/Screen2Exe/Screen2Exe.exe

Files

18af09fe0c71e5701b6f69da6acbbe3b_JaffaCakes118
.rar
Screen2Exe/Player.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CTPImage@@QAE@ABV0@@Z
??0CTPImage@@QAE@XZ
??1CTPImage@@UAE@XZ
??4CPixel@@QAEAAU0@ABU0@@Z
??4CTPImage@@QAEAAV0@ABV0@@Z
??8CPixel@@QAEHU0@@Z
??9CPixel@@QAEHU0@@Z
??GCPixel@@QAEHU0@@Z
??YCPixel@@QAEXH@Z
??ZCPixel@@QAEXH@Z
??_7CTPImage@@6B@
?BuildGrayChannel@CTPImage@@QAEKXZ
?ChannelFrom@CTPImage@@QAEHPAVCTPChannel@@H@Z
?ComputeLaplasToAlpha@CTPImage@@QAEXXZ
?Create@CTPImage@@QAEJII@Z
?CreateNewInstance@CTPImage@@SAPAV1@XZ
?DuplicateFrom@CTPImage@@QAEHPAV1@@Z
?Free@CTPImage@@QAEXXZ
?GetAreaByteSize@CTPImage@@QAEIXZ
?GetAveragePixel@CTPImage@@QAE?AUCPixel@@XZ
?GetBuffer@CTPImage@@QAEPAUCPixel@@HH@Z
?GetGray2@CPixel@@QAEEXZ
?GetGray@CPixel@@QAEEXZ
?GetPixel2@CTPImage@@QAE?AUCPixel@@HH@Z
?GetPixel@CTPImage@@QAEKHH@Z
?GetSafePixel@CTPImage@@QAE?AUCPixel@@HH@Z
?GetSize@CTPImage@@QAEXAAI0@Z
?LoadFromFile@CTPImage@@QAEJPAD@Z
?PutPixel@CTPImage@@QAEXHHUCPixel@@@Z
?SaveToFile@CTPImage@@QAEJPAD@Z

Sections

FzH1
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FzH1
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Screen2Exe/Screen2Exe.exe
.exe windows:4 windows x86 arch:x86

d60a80fc16537113d406daaff7570584

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetCurrentDirectoryA
GetShortPathNameA
FindResourceExA
EnumResourceLanguagesA
ResumeThread
WriteProcessMemory
RaiseException
SetFileAttributesA
CreateDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LocalFree
GetProcAddress
GetModuleFileNameW
InitializeCriticalSection
WideCharToMultiByte
RtlUnwind
GetStringTypeW

user32

DefWindowProcA
SetFocus
AdjustWindowRectEx

advapi32

RegCreateKeyA
RegSetValueA
RegCloseKey

ole32

ReadClassStm
CoRegisterClassObject

oleaut32

SysAllocString

Sections

0
Size: 280KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 28KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 16KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 56KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 48KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Screen2Exe/pics/arrow_e.png
.png
Screen2Exe/pics/arrow_n.png
.png
Screen2Exe/pics/arrow_ne.png
.png
Screen2Exe/pics/arrow_nw.png
.png
Screen2Exe/pics/arrow_s.png
.png
Screen2Exe/pics/arrow_se.png
.png
Screen2Exe/pics/arrow_sw.png
.png
Screen2Exe/pics/arrow_w.png
.png
Screen2Exe/pics/cloud1.png
.png
Screen2Exe/pics/cloud2.png
.png
Screen2Exe/pics/frame_black.png
.png
Screen2Exe/pics/frame_black_dot.png
.png
Screen2Exe/pics/frame_red.png
.png
Screen2Exe/pics/frame_red_dot.png
.png
Screen2Exe/pics/frame_white.png
.png
Screen2Exe/pics/frame_white_dot.png
.png
Screen2Exe/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

FzH1 Size: - Virtual size: 96KB

FzH1 Size: 46KB - Virtual size: 48KB

.rsrc Size: 18KB - Virtual size: 20KB

d60a80fc16537113d406daaff7570584

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

0 Size: 280KB - Virtual size: 518KB

1 Size: 28KB - Virtual size: 157KB

2 Size: 16KB - Virtual size: 120KB

3 Size: 56KB - Virtual size: 48KB

4 Size: 48KB - Virtual size: 70KB

5 Size: 8KB - Virtual size: 4KB

6 Size: 8KB - Virtual size: 30KB

FzH1
Size: - Virtual size: 96KB

FzH1
Size: 46KB - Virtual size: 48KB

.rsrc
Size: 18KB - Virtual size: 20KB

0
Size: 280KB - Virtual size: 518KB

1
Size: 28KB - Virtual size: 157KB

2
Size: 16KB - Virtual size: 120KB

3
Size: 56KB - Virtual size: 48KB

4
Size: 48KB - Virtual size: 70KB

5
Size: 8KB - Virtual size: 4KB

6
Size: 8KB - Virtual size: 30KB