2279aae69b1a8f655703e452432cfe3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2279aae69b1a8f655703e452432cfe3d_JaffaCakes118
Size

1.7MB
MD5

2279aae69b1a8f655703e452432cfe3d
SHA1

bc1ab4a241921e84668718c81e8d4bcf8f5cd2a1
SHA256

54bf250dfd7712f29aaa0948801b4c3e6d461c948054991aadde8f9b2ad0d31b
SHA512

b4e7a08138cddb6e4817338159beba1c2d5c8dc27650f04c97bd4f00d32027b644f86cf3da13d6ae66ac73d1b6f32efed06bd669853714c7c9a5570aef5f822a
SSDEEP

49152:F6Z9lay5a77nujQtXycqTR1b9Wl6+g7t2k:4Z9lay+7tXycoR2Hg7wk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FlashRenamer50_Setup.exe
unpack001/patch.exe

Files

2279aae69b1a8f655703e452432cfe3d_JaffaCakes118
.rar
FlashRenamer50_Setup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
patch.exe
.exe windows:4 windows x86 arch:x86

1eae0d37eb5a00a753e7a55351af7932

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowRgn
SetWindowLongA
SetFocus
SetWindowTextA
ShowWindow
SetDlgItemTextA
SetClassLongA
SetCapture
SendMessageA
ReleaseCapture
RedrawWindow
PtInRect
OffsetRect
MessageBoxA
LoadIconA
LoadCursorA
IsDlgButtonChecked
InvalidateRect
GetWindowRect
GetWindowLongA
GetParent
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetCursorPos
GetCapture
GetActiveWindow
EndDialog
DrawTextA
DialogBoxParamA
CheckDlgButton
CallWindowProcA

kernel32

RtlZeroMemory
CompareStringA
GetModuleFileNameA
SetCurrentDirectoryA
CreateDirectoryA
FlushFileBuffers
WriteFile
lstrlenA
lstrcpyA
lstrcmpiA
lstrcatA
WinExec
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
FreeLibrary
GetCommandLineA
GetFileAttributesA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
LoadResource
MapViewOfFile
RtlMoveMemory
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SizeofResource
UnmapViewOfFile

shell32

ShellExecuteA

gdi32

GetStockObject
RoundRect
SelectObject
CreateFontIndirectA
CreateSolidBrush
ExtCreateRegion
GetObjectA
SetTextColor
SetBkMode
SetBkColor

comctl32

InitCommonControls

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

comdlg32

GetOpenFileNameA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

1eae0d37eb5a00a753e7a55351af7932

Headers

File Characteristics

Imports

user32

kernel32

shell32

gdi32

comctl32

advapi32

comdlg32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 189KB - Virtual size: 189KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 189KB - Virtual size: 189KB