35d23700a6fb4491ad3f61ea6b92903a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35d23700a6fb4491ad3f61ea6b92903a_JaffaCakes118
Size

4.8MB
MD5

35d23700a6fb4491ad3f61ea6b92903a
SHA1

7f4885d4c4c7747e358fdbb72a70ff7bb6f6eddc
SHA256

e896cd652cf76302ebe894f58c2c31ce571f7ac8d58d0bda9f859c74e2e82145
SHA512

1f00a99cab3122f6813984d6b65a8c7eb9485358707b39bafd6273eeb8498d7825f0a85b0441dc59405f9d5539735846b8f08238f068b4149233a8722da50577
SSDEEP

98304:580129jKIZpymp603nrIiGUMkaDeR/nq+ReBi9ARHkmWkGyUzIwC/f+Oh7:8ZTEsrddJRVeBi9qHkhtz3C/WOh7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

35d23700a6fb4491ad3f61ea6b92903a_JaffaCakes118
.rar
setup.exe
.exe windows:5 windows x86 arch:x86

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

EndUpdateResourceA
MultiByteToWideChar
IsValidCodePage
GetDiskFreeSpaceExA
Sleep
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
SetEvent
FormatMessageA
LocalFree
CreateProcessA
GetModuleFileNameA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
GetVersionExA
CompareStringA
GetSystemInfo
GetCurrentProcess
GetFileAttributesA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
CopyFileA
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
GetWindowsDirectoryA
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
RaiseException
RtlUnwind
CloseHandle
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
WriteFile
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetThreadLocale
UpdateResourceA
BeginUpdateResourceA
LocalAlloc
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateProcessW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion

gdi32

CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject

user32

ScreenToClient
SetClassLongA
LoadCursorA
SetCursor
LoadIconA
LoadImageA
SetFocus
GetFocus
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
SetWindowTextA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
ShowWindow
SetForegroundWindow
MoveWindow
CreateDialogParamA
CreateDialogIndirectParamA
SendMessageA
GetClientRect
ShowScrollBar
SendDlgItemMessageA
SystemParametersInfoA
GetWindowRect
CharNextA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
DrawTextW
ReleaseDC
GetDialogBaseUnits
LoadStringA
GetDC
MessageBoxW

ole32

CoUninitialize
CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteExA

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zondaInstall2.msi
.msi
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

ole32

shell32

Sections

.text Size: 283KB - Virtual size: 282KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 122KB - Virtual size: 122KB

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 122KB - Virtual size: 122KB