60af479c2563650d461ecf3130af0463_JaffaCakes118

General

Target

60af479c2563650d461ecf3130af0463_JaffaCakes118
Size

39KB
MD5

60af479c2563650d461ecf3130af0463
SHA1

a573075a8313183dedc6424b80bfe7005fa7f6e7
SHA256

c25ee5ff5a1cad2b3d39f33d11d8d9985f9581f76f8a2bd2091b0f972b7bf109
SHA512

33b50d0bd146ec43e72220477d055eb55f63c9ce94a571458abac87a64a4d6b6bd80674fbdd352d7963c81ef996da7a78430436836e0536fe440006d1d0c9f3f
SSDEEP

768:4f1gzSjvjMHCPExv9I0Sihk0/tWuPB1OKSv4XA2HXsFbHrsidd/qLY0BmSFS:4f1gzSjrMHkEl/hk0lnPBVSCHXeT70Lw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TROJAN_REMOVER_ALL_VERSION_BY_SUICIDE_SOLUTION WIN9X.exe
unpack001/TROJAN_REMOVER_ALL_VERSION_BY_SUICIDE_SOLUTION WINXP.exe

Files

60af479c2563650d461ecf3130af0463_JaffaCakes118
.zip
TROJAN_REMOVER_ALL_VERSION_BY_SUICIDE_SOLUTION WIN9X.exe
.exe windows:4 windows x86 arch:x86

925d80d171642d26f889ad8a1883ec48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CloseHandle
GetFileSize
CreateFileA
SetFileAttributesA
ReadFile
VirtualAlloc
WriteProcessMemory
ResumeThread
SuspendThread
CreateProcessA
WriteFile
ReadProcessMemory
GetFileAttributesA
VirtualFree
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
GetProcAddress
SetStdHandle
HeapReAlloc
HeapAlloc
GetACP
GetCPInfo
GetOEMCP
GetCurrentProcess
SetFilePointer
GetCommandLineA
_llseek
GetLastError
RtlUnwind
HeapFree
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
HeapCreate
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetFileType
SetHandleCount
GetStdHandle
HeapDestroy

user32

SendDlgItemMessageA
EndDialog
KillTimer
DialogBoxParamA
SendMessageA
LoadIconA
EnableWindow
SetWindowLongA
SetWindowTextA
RedrawWindow
SetDlgItemTextA
MessageBoxA
CallWindowProcA
LoadCursorA
SetCursor
SetTimer
GetDlgItem
ShowWindow

shell32

ShellExecuteA
DragQueryFileA

gdi32

GetObjectA
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextColor

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TROJAN_REMOVER_ALL_VERSION_BY_SUICIDE_SOLUTION WINXP.exe
.exe windows:4 windows x86 arch:x86

925d80d171642d26f889ad8a1883ec48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CloseHandle
GetFileSize
CreateFileA
SetFileAttributesA
ReadFile
VirtualAlloc
WriteProcessMemory
ResumeThread
SuspendThread
CreateProcessA
WriteFile
ReadProcessMemory
GetFileAttributesA
VirtualFree
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
GetProcAddress
SetStdHandle
HeapReAlloc
HeapAlloc
GetACP
GetCPInfo
GetOEMCP
GetCurrentProcess
SetFilePointer
GetCommandLineA
_llseek
GetLastError
RtlUnwind
HeapFree
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
HeapCreate
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetFileType
SetHandleCount
GetStdHandle
HeapDestroy

user32

SendDlgItemMessageA
EndDialog
KillTimer
DialogBoxParamA
SendMessageA
LoadIconA
EnableWindow
SetWindowLongA
SetWindowTextA
RedrawWindow
SetDlgItemTextA
MessageBoxA
CallWindowProcA
LoadCursorA
SetCursor
SetTimer
GetDlgItem
ShowWindow

shell32

ShellExecuteA
DragQueryFileA

gdi32

GetObjectA
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextColor

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

925d80d171642d26f889ad8a1883ec48

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 24KB - Virtual size: 27KB

925d80d171642d26f889ad8a1883ec48

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 24KB - Virtual size: 27KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 24KB - Virtual size: 27KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 24KB - Virtual size: 27KB