196ae3a3dc15877ce33354b05fe30576_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

196ae3a3dc15877ce33354b05fe30576_JaffaCakes118
Size

4.6MB
MD5

196ae3a3dc15877ce33354b05fe30576
SHA1

4af44443d4d08bcb2b55a6121cfd44b29a6d3945
SHA256

52d8d465d213847ec66f9fdd3e5afa78c243bc4d6e50ebb65c2e2152fa518b46
SHA512

48a2b5f77055276c36c5980d292652189ff8c00447df2393a460d5fbf84262873c5d88427399f0d391d7a45c2f92788fa831cc217d36cb1700b39afb268b405b
SSDEEP

98304:KqbHbsEUj+9RezfGCKU4gp3TISbZg+4Rp4f3tGyZ+q1xIfX7hgC7rIL53A:Kqb7sEi+9gRDUSIRp4vtGAn1slFwL53A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_Class/Setup.exe

Files

196ae3a3dc15877ce33354b05fe30576_JaffaCakes118
.rar
e_Class/SETUP.BMP
e_Class/Setup.exe
.exe windows:4 windows x86 arch:x86

1587667a9213858ec359e2a9b06626fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
GetCommandLineA
AddAtomA
HeapAlloc
HeapFree
LockResource
LoadResource
FindResourceA
FindResourceExA
SetErrorMode
SetEvent
FormatMessageA
InterlockedDecrement
CreateProcessA
OpenEventA
lstrcpyA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
GetFileAttributesA
GetLastError
CreateDirectoryA
GetShortPathNameA
GetWindowsDirectoryA
SetFileAttributesA
SetLastError
lstrlenA
CompareStringA
CompareStringW
GetVersionExA
GlobalLock
GetPrivateProfileIntA
GetPrivateProfileStringA
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
GetAtomNameA
DeleteFileA
Sleep
CloseHandle
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalFree
MultiByteToWideChar
CreateFileA
CopyFileA
LocalFree
GlobalAlloc

user32

EndDialog
SetWindowLongA
DialogBoxIndirectParamA
GetWindowLongA
MessageBoxA
GetDlgItem
SendMessageA
DestroyWindow
GetClientRect
GetWindowRect
MoveWindow
CharUpperA
CharLowerA
wsprintfA
PeekMessageA
GetDC
ReleaseDC
CreateDialogParamA
BeginPaint
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadImageA
GetDesktopWindow
CreateDialogIndirectParamA
EndPaint
SetDlgItemTextA
CharNextA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoFreeAllLibraries

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
VariantClear

lz32

LZClose
LZOpenFileA
LZCopy

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e_Class/Setup.ini
e_Class/Setup.inx
e_Class/data1.cab
e_Class/data1.hdr
e_Class/data2.cab
e_Class/ikernel.ex_
e_Class/layout.bin
e_Class/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

1587667a9213858ec359e2a9b06626fd

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

lz32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 127KB - Virtual size: 127KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 127KB - Virtual size: 127KB