5d1bfc69182492cb4d64bc8dfad8d1d5_JaffaCakes118

General

Target

5d1bfc69182492cb4d64bc8dfad8d1d5_JaffaCakes118
Size

498KB
MD5

5d1bfc69182492cb4d64bc8dfad8d1d5
SHA1

ce3f7987ca754921527cb5e8ec11826f45191776
SHA256

801aae2eb519657bf0137b3779461b6b929d45188de9c20d7ac7f5922b2dccff
SHA512

332943ee1254aeffab2ef7975e627e43cb7f9182ecbd38e9b4ae580878f0eb5bd27ec62f515fb7811d039e108fd94e7bec7af38857e3b8dd69a79ee84572efa3
SSDEEP

12288:yPl+rpB1aNzRuLjNY7GpZWVz3TjFvyU1nJ8YsLgjVn3:yPl+FaNzYkG3WVzHZ/1nJ83ch3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/examxml.exe
unpack001/keygen/keygen.exe

Files

5d1bfc69182492cb4d64bc8dfad8d1d5_JaffaCakes118
.rar
examxml.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
keygen/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 574B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 896B

Headers

File Characteristics

Sections

Size: - Virtual size: 208KB

Size: 48KB - Virtual size: 48KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 574B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 896B