663a6c05545f35bc371e579864b4d70f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

663a6c05545f35bc371e579864b4d70f_JaffaCakes118
Size

37KB
MD5

663a6c05545f35bc371e579864b4d70f
SHA1

8c04a318340f0720022b4a36df580f21937e17fe
SHA256

3e80e4870100ede49823f94be496d936370655b5ee4b3f40bafe3c0a40ba9b66
SHA512

ce0c7351c70df6b9d4c5d30a6fe8b1e34c362b1d509e0a8c54d8519e622129a37a98f50bd2780754441f48f39e60ecf4585c7fc6a689fbadc05fa039c8a0637c
SSDEEP

768:QDGV4ezrmClCFGtq56K4xiQrcZIbMupifmMtOAWuovaWETWhBLqyIbgPnGs0p6e:QDGRCst2Qx3cqbDMfmL53sgPGs0p6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/最新更新的取硬盘物理ID和DES加密/NetDiskDLL.dll

Files

663a6c05545f35bc371e579864b4d70f_JaffaCakes118
.rar
最新更新的取硬盘物理ID和DES加密/NetDiskDLL.dll
.dll windows:4 windows x86 arch:x86

541f145c67b4a204bcb34af862b54dbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

Netbios

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup

mfc42

ord3922
ord5199
ord2396
ord5731
ord1089
ord5302
ord2725
ord4079
ord4698
ord3346
ord5300
ord5307
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5289
ord5714
ord3825
ord4486
ord3830
ord4622
ord4424
ord3738
ord561
ord815
ord6467
ord801
ord858
ord6883
ord939
ord2818
ord941
ord541
ord823
ord4204
ord2393
ord922
ord537
ord1979
ord3318
ord2512
ord926
ord5186
ord354
ord535
ord353
ord1187
ord2554
ord540
ord6375
ord4274
ord800
ord860
ord5710
ord3079
ord825
ord4080
ord3831
ord665
ord600
ord826
ord1578
ord1176
ord1116
ord269
ord342
ord1182
ord1255
ord1575
ord1570
ord1168
ord1243
ord1253
ord1577
ord1197

msvcrt

sprintf
strrchr
__CxxFrameHandler
_mbsicmp
strncpy
_mbscmp
_CxxThrowException
_EH_prolog
rand
srand
_initterm
_adjust_fdiv
__dllonexit
??1type_info@@UAE@XZ
_onexit
strchr
malloc
free

kernel32

CloseHandle
GetModuleFileNameA
GetModuleHandleA
CreateFileA
GetTickCount
GetProcAddress
GetVersionExA
GetVersion
LocalFree
LoadLibraryA
DeviceIoControl
LocalAlloc

user32

wsprintfA
MessageBoxA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA

ole32

CoCreateGuid

Exports

Exports

Base64Decode
Base64Encode
CRC32
CRC32File
CRC32String
CRC8
CRC8String
DES
GenUniqueID
GetComputerID
GetDiskSN
GetMainBordID
GetNetCardCount
GetNetCardIPAdd
GetNetCardMacAdd
GetNetCardName
MD5File
MD5String

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
最新更新的取硬盘物理ID和DES加密/a.pbw
最新更新的取硬盘物理ID和DES加密/demo.pbl
最新更新的取硬盘物理ID和DES加密/demo.pbt
最新更新的取硬盘物理ID和DES加密/下载说明.htm
.html .js polyglot
最新更新的取硬盘物理ID和DES加密/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

541f145c67b4a204bcb34af862b54dbe

Headers

File Characteristics

Imports

netapi32

ws2_32

mfc42

msvcrt

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB