6a1ec08734b76ff895d8cc4aea665a95_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6a1ec08734b76ff895d8cc4aea665a95_JaffaCakes118
Size

18.1MB
MD5

6a1ec08734b76ff895d8cc4aea665a95
SHA1

b81c2751ee572072457bfecf1d9dcb612e5589c8
SHA256

4854a9604c219c5fa6dd2b5ad559025723d02ae2799eb063114aee583acc2770
SHA512

a4279ef8d19149cbf65f2ffb389bf5267e5dfd8bb466580f39b6d7cf7290e9df0b064ea80da4e5212c3d85f15813ef3aff019da0de360f3ad7798784075eb3e4
SSDEEP

393216:qIEBWQsQ9YVKerO/AdOrIgg7VVOa+WSVHtzcflDsFnL:RBQDGDmc37VIa+WSVylYFL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

6a1ec08734b76ff895d8cc4aea665a95_JaffaCakes118
.rar
Setup.exe
.exe windows:4 windows x86 arch:x86

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerInstallFileA

kernel32

AddAtomA
HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
lstrcpyA
GetCommandLineA
HeapAlloc
HeapFree
LockResource
LoadResource
FindResourceA
FindResourceExA
RemoveDirectoryA
LocalFree
FormatMessageA
InterlockedDecrement
SetEvent
OpenEventA
CopyFileA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
SetFileAttributesA
GetLastError
GetShortPathNameA
GetWindowsDirectoryA
GetFileAttributesA
CreateDirectoryA
SetLastError
lstrlenA
CompareStringA
GetPrivateProfileStringA
GetVersionExA
GlobalLock
GlobalAlloc
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
GetAtomNameA
DeleteFileA
Sleep
CloseHandle
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetPrivateProfileIntA
CreateProcessA
CreateFileA
SetErrorMode
CompareStringW

user32

TranslateMessage
PeekMessageA
GetWindowLongA
EndDialog
GetDlgItem
SendMessageA
SetWindowLongA
DispatchMessageA
IsDialogMessageA
CreateDialogIndirectParamA
SetDlgItemTextA
GetDesktopWindow
GetClientRect
GetWindowRect
MoveWindow
CharNextA
CharUpperA
wsprintfA
ReleaseDC
LoadImageA
GetDC
EndPaint
CreateDialogParamA
BeginPaint
DialogBoxIndirectParamA
MessageBoxA
DestroyWindow
CharLowerA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA

ole32

CoCreateInstance
CoFreeAllLibraries
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SafeArrayGetLBound
VariantClear
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gda
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Setup.ini
data1.cab
data1.hdr
data2.cab
ikernel.ex_
layout.bin
setup.bmp
setup.inx
vssver.scc
下载说明.htm
.html .js polyglot
安装指南.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.gda Size: - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.gda
Size: - Virtual size: 4KB