19d7ced60c10ce7f3396d28172641b89_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19d7ced60c10ce7f3396d28172641b89_JaffaCakes118
Size

11.0MB
MD5

19d7ced60c10ce7f3396d28172641b89
SHA1

5df236efd3fe8d223cd2aaf9d49daac9e6939196
SHA256

236aa3f0c90eabae780df59429fc87fbff76d9b18bbdf7e8298429d07a3f71ae
SHA512

8297550129f62f6ff559068964c655575c30bb51f92dc5b83c96c51738fb43254c0a8cb280a4bd315b26a11229064af3d14e63b19f200755611cce84450a6bba
SSDEEP

196608:WVE4hrUCjoAwOQ8Q5MQDteggio65EveXyh6oo3NOiZKjpXJslGsRg6+GpQT9:ELhr0AmZGyVgioUlboo3NM9J8GK+Qi9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

19d7ced60c10ce7f3396d28172641b89_JaffaCakes118
.rar
setup.exe
.exe windows:5 windows x86 arch:x86

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

EndUpdateResourceA
MultiByteToWideChar
IsValidCodePage
GetDiskFreeSpaceExA
Sleep
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
SetEvent
FormatMessageA
LocalFree
CreateProcessA
GetModuleFileNameA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
GetVersionExA
CompareStringA
GetSystemInfo
GetCurrentProcess
GetFileAttributesA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
CopyFileA
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
GetWindowsDirectoryA
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
RaiseException
RtlUnwind
CloseHandle
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
WriteFile
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetThreadLocale
UpdateResourceA
BeginUpdateResourceA
LocalAlloc
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateProcessW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion

gdi32

CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject

user32

ScreenToClient
SetClassLongA
LoadCursorA
SetCursor
LoadIconA
LoadImageA
SetFocus
GetFocus
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
SetWindowTextA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
ShowWindow
SetForegroundWindow
MoveWindow
CreateDialogParamA
CreateDialogIndirectParamA
SendMessageA
GetClientRect
ShowScrollBar
SendDlgItemMessageA
SystemParametersInfoA
GetWindowRect
CharNextA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
DrawTextW
ReleaseDC
GetDialogBaseUnits
LoadStringA
GetDC
MessageBoxW

ole32

CoUninitialize
CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteExA

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wqEtripSetUp.msi
.msi
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

ole32

shell32

Sections

.text Size: 283KB - Virtual size: 282KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 122KB - Virtual size: 122KB

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 122KB - Virtual size: 122KB