192b870207a391dcb95a4ff3400cf649_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

192b870207a391dcb95a4ff3400cf649_JaffaCakes118
Size

270KB
MD5

192b870207a391dcb95a4ff3400cf649
SHA1

eac8f478033e7621756082689237e113dd55f061
SHA256

27c14eed74e5226dcd3431e3f83b6ecb500bdccb69965111093da440dc769cb2
SHA512

3f913c6297cc8f482460616a3c13a7b4f8c1890002d9e6c07b16278555bd51ff5ff3287fbb8d72afcf663e8b9696e16500caa1bbe94672b4376a647e7e07448a
SSDEEP

6144:pbLEAYG6LUYBw6dvnMbFYQInrJrUmb4HpZq5G+wAd:pbLE6IzLnM0JgmQpZq5GvG

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_HashTab-v3.0/HashTab32.dll
unpack001/ha_HashTab-v3.0/卸载.exe
unpack001/ha_HashTab-v3.0/绿化.exe

Files

192b870207a391dcb95a4ff3400cf649_JaffaCakes118
.rar
ha_HashTab-v3.0/HashTab32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

374729113e0d05cca1920c2ef2b934c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Cody Batt\Documents\Visual Studio 2008\Projects\HashTab\HashTab\Release\HashTab32.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetFileAttributesW
GetVersion
lstrcmpiW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalUnlock
GlobalLock
CreateThread
ReadFile
GetFileSize
CloseHandle
CreateFileW
LockResource
lstrlenA
FindResourceExW
GlobalAlloc
Sleep
LoadLibraryA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetVersionExW
SetThreadLocale
GetThreadLocale
FindNextFileW
FindFirstFileW
SetEndOfFile
CreateFileA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStringTypeA
HeapCreate
GetModuleFileNameA
FlushFileBuffers
SetFilePointer
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCommandLineA
GetStdHandle
OutputDebugStringA
LoadLibraryExW
SetStdHandle
SetLastError
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
GetFileType
WriteConsoleW
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindClose

user32

PostMessageW
SetWindowTextW
ShowWindow
EnableWindow
GetActiveWindow
GetKeyState
UnregisterClassA
SendMessageW
RegisterWindowMessageW
CharNextW
GetFocus
GetSystemMetrics
InflateRect
MapWindowPoints
OffsetRect
SetWindowPos
GetCursorPos
GetDC
ReleaseDC
ClientToScreen
GetCapture
GetComboBoxInfo
CopyRect
GetWindowLongW
CallWindowProcW
GetParent
DefWindowProcW
CreateWindowExW
GetSysColor
IsWindow
DestroyWindow
EndDialog
MessageBoxW
GetDlgItem
SetDlgItemTextW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
InsertMenuItemW
TrackPopupMenu
CreatePopupMenu
DialogBoxParamW
DestroyIcon
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ScreenToClient

gdi32

SelectObject
GetTextExtentExPointW
GetTextExtentPoint32W

advapi32

RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

DragQueryFileW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString

shlwapi

PathIsDirectoryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha_HashTab-v3.0/卸载.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_HashTab-v3.0/新云软件.url
.url
ha_HashTab-v3.0/汉化说明.txt
ha_HashTab-v3.0/绿化.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

374729113e0d05cca1920c2ef2b934c3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 19KB - Virtual size: 27KB

.rsrc Size: 78KB - Virtual size: 80KB

.reloc Size: 61KB - Virtual size: 61KB

Headers

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 37KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 37KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 78KB - Virtual size: 80KB

.reloc
Size: 61KB - Virtual size: 61KB

CODE
Size: 37KB - Virtual size: 37KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB

CODE
Size: 37KB - Virtual size: 37KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB