82ab65774e2e3555c1936591a9625ea6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82ab65774e2e3555c1936591a9625ea6_JaffaCakes118
Size

740KB
MD5

82ab65774e2e3555c1936591a9625ea6
SHA1

69d2c3c75466e36f0b569cd2ccebf5f755326ffa
SHA256

2d16895c5f741aca7eb3714f94669d7c5ba91a52d4adab3e78ecdce61880a127
SHA512

a2d9cd1c81be875b72a011ac6f9d9c01d6a346d24f82798dbdaa230e231852e4b88c126c3e27f5ed804f413704c7b582579e8baf23a46e696a4dfb73a58bed87
SSDEEP

12288:ErDy63DnA0LQY/RvqAjIGsvgOJJN31F+cO3vYsbBR/sSA6Oiuw/kW8OBI5kGY:ErDyinjLQYOVIOVSv5+STOiJ77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/windowstocks-v1.9.12.07.exe

Files

82ab65774e2e3555c1936591a9625ea6_JaffaCakes118
.rar
windowstocks-v1.9.12.07.exe
.exe windows:5 windows x86 arch:x86

37b336b6c78a487a462f7f5156f921f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
FlushInstructionCache
GetCurrentProcess
CopyFileW
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
CreateMutexW
CloseHandle
GetCurrentThreadId
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
FreeLibrary
GetLastError
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetLogicalDriveStringsW
CreateDirectoryW
SetFilePointer
ReadFile
FlushFileBuffers
InterlockedExchange
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetLocaleInfoW
GlobalMemoryStatus
OutputDebugStringW
GetSystemDirectoryW
GetWindowsDirectoryW
GetProcAddress
GetEnvironmentVariableW
GetSystemTime
CreateThread
MulDiv
WaitForSingleObject
GetExitCodeThread
TerminateThread
SetEvent
WriteFile
GetFileSize
MoveFileW
Sleep
ResetEvent
CreateFileA
GetDiskFreeSpaceExW
FormatMessageW
CreateProcessW
GetExitCodeProcess
GetVersion
CreateNamedPipeW
SearchPathW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
LocalAlloc
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
HeapCreate
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetVersionExW
lstrlenW
MultiByteToWideChar
CreateEventW
WideCharToMultiByte

user32

RedrawWindow
InvalidateRect
SetFocus
LoadStringW
SetForegroundWindow
LoadImageW
GetForegroundWindow
MsgWaitForMultipleObjects
GetSystemMenu
ModifyMenuW
DestroyMenu
FindWindowW
ExitWindowsEx
GetDlgCtrlID
SetPropW
RemovePropW
EnableMenuItem
TrackPopupMenu
LoadMenuW
GetSubMenu
SetTimer
KillTimer
IsWindowVisible
GetWindowDC
ReleaseDC
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
UnregisterClassA
GetWindow
GetWindowLongW
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextW
GetDlgItem
IsWindow
PostMessageW
GetPropW
ShowWindow
PostQuitMessage
CallWindowProcW
GetDesktopWindow
ScreenToClient
EnableWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
GetDC
GetSystemMetrics
CreateDialogParamW
LoadIconW
DialogBoxParamW
MessageBoxW
GetActiveWindow
SetWindowLongW
DefWindowProcW
CharNextW
DestroyWindow
EndDialog

gdi32

GetWindowExtEx
CreateFontIndirectW
GetViewportExtEx
SetMapMode
GetMapMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetStockObject
SetBkMode
DeleteDC
GetObjectW
GetDeviceCaps

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
UnlockServiceDatabase
CloseServiceHandle
OpenServiceW
QueryServiceStatus
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
GetUserNameW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
OpenSCManagerW
LockServiceDatabase

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

oleaut32

VarUI4FromStr
OleLoadPicture

comctl32

PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

37b336b6c78a487a462f7f5156f921f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

version

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 74KB - Virtual size: 74KB