1a2ae380a4d059b3273129b32c310e0d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1a2ae380a4d059b3273129b32c310e0d_JaffaCakes118
Size

267KB
MD5

1a2ae380a4d059b3273129b32c310e0d
SHA1

03ee9c56a9b41638b159ecc69308476b4bae53bf
SHA256

1583d80cb807d5ab79efbe31e3aee76004ec1a297f7cf81fa8d76b0686cff2b8
SHA512

3ec8d78d3770455cddfa0c52eed248d6709c1fd9a6631106e173f30c8d8b88c0541603e377401e7569210d0739be30d5a67fcf282585c61f374751050bd48cbd
SSDEEP

6144:/rnmO9tcLQFHjZjGEV+1aL4gxrBsJdDbOUi1Jac:/rn+MjZHggMeBsJdDCUi1Jp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qs/轻松远程控制.exe

Files

1a2ae380a4d059b3273129b32c310e0d_JaffaCakes118
.rar
qs/轻松远程控制.exe
.exe windows:4 windows x86 arch:x86

a7a17c8e65d96a9a55191b404fcce3b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3370
ord3640
ord693
ord686
ord860
ord384
ord2370
ord2302
ord2862
ord1168
ord2096
ord3998
ord6648
ord939
ord941
ord858
ord3301
ord3996
ord2379
ord2859
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3721
ord616
ord4402
ord2446
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1146
ord537
ord755
ord470
ord2582
ord6334
ord4171
ord4224
ord540
ord3092
ord3874
ord535
ord800
ord4234
ord641
ord324
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord823
ord825
ord567
ord1200
ord818
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord5163
ord2124
ord5261
ord1727
ord5065
ord2385
ord5241
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord4673
ord6374
ord4407
ord1776
ord4078
ord795
ord6055
ord1576

msvcrt

__CxxFrameHandler
sprintf
strstr
_mbscmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_setmbcp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

MultiByteToWideChar
VirtualFree
VirtualAlloc
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CreateThread
Sleep
FindFirstFileA
FindNextFileA
FindClose
GetDriveTypeA
FindResourceA
SizeofResource
LoadResource
LockResource
LocalAlloc
CreateToolhelp32Snapshot
Process32First
GetLastError
Process32Next
OutputDebugStringA
WideCharToMultiByte
CreateFileA
WriteFile
CloseHandle
VirtualQuery
lstrlenW
lstrcpyW
GetProcAddress
LoadLibraryA
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA

user32

IsIconic
EnableWindow
GetClientRect
SendMessageA
LoadIconA
GetDC
DrawIcon
GetSystemMetrics

gdi32

BitBlt
GetDIBits
SetDIBitsToDevice
SelectObject
DeleteObject
CreateDCA
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC

advapi32

RegQueryInfoKeyA
RegCloseKey
OpenSCManagerA
EnumServicesStatusA
RegOpenKeyExA
RegEnumKeyExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7a17c8e65d96a9a55191b404fcce3b9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 420KB - Virtual size: 419KB

.rsrc Size: 188KB - Virtual size: 187KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 420KB - Virtual size: 419KB

.rsrc
Size: 188KB - Virtual size: 187KB