8c8ef938c7df0256a39463f68d821d6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c8ef938c7df0256a39463f68d821d6c_JaffaCakes118
Size

3.8MB
MD5

8c8ef938c7df0256a39463f68d821d6c
SHA1

8a16c01e2d3dca3780f4fda86af729ae5681f637
SHA256

0d6a40d0520389c3376e5add985542864a0fded505f6b634f4a060efb005e060
SHA512

eb67b52e9cd384d5c68b2db564c6158ca85490844e491bf0e3658a53c7f1087ed2db312d4376ca5bccf30ed7a1a3597608ebd364267dedaffcaf3bf7c45ec398
SSDEEP

98304:jQs/iPZNrlWviH+/zSO0zGac881KPvViTfIlcr:Zi3rg6+mOwjr3V4fI6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XQSJ_Share_sky_Setup.exe

Files

8c8ef938c7df0256a39463f68d821d6c_JaffaCakes118
.rar
XQSJ_Share_sky_Setup.exe
.exe windows:4 windows x86 arch:x86

3de3d818d51ec814f02444b72789f4a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

MoveFileA
WriteFile
Sleep
LoadLibraryA
GetProcAddress
RaiseException
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetProcessHeap
HeapFree
FindClose
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatA
WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
FileTimeToSystemTime
GetTimeFormatA
GetFileSize
GetFileTime
CreateDirectoryA
RemoveDirectoryA
FormatMessageA
FindFirstFileA
ReadFile
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetEnvironmentVariableA
GetLogicalDriveStringsA
GetDriveTypeA
GetStringTypeExA
lstrlenA
DeleteFileA
MulDiv
GetCurrentThreadId
GetCurrentProcess
CloseHandle
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
CreateEventA
FlushFileBuffers
GetDiskFreeSpaceA
GetModuleHandleA
GetModuleFileNameA
GetExitCodeProcess
GetVersion
GetPrivateProfileStringA
GetTempFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
FindNextFileA
CreateProcessA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
MultiByteToWideChar
lstrlenW
DebugBreak
HeapSize
ExitProcess
HeapReAlloc
HeapDestroy
LocalAlloc
GetStartupInfoA
GetCommandLineA
SleepEx
SetFilePointer
lstrcmpA
CreateFileA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
GetExitCodeThread
WaitForSingleObject
GetLastError
CreateThread
FreeLibrary
VirtualAlloc
GetSystemInfo
VirtualQuery
FlushInstructionCache
RtlUnwind

user32

LoadMenuA
GetSubMenu
EnableMenuItem
DestroyMenu
ScreenToClient
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
CreateDialogParamA
DialogBoxParamA
PostQuitMessage
GetPropA
TrackPopupMenu
LoadImageA
IsWindowVisible
ShowWindow
CreateWindowExA
DestroyWindow
RemovePropA
SetPropA
IsWindow
PostMessageA
MessageBoxA
KillTimer
IsDialogMessageA
SetFocus
LoadIconA
DefWindowProcA
CallWindowProcA
GetSystemMetrics
EnableWindow
SetTimer
GetActiveWindow
LoadStringA
SetWindowLongA
SendMessageA
EndDialog
InvalidateRect
RedrawWindow
GetWindowLongA
GetWindow
SystemParametersInfoA
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextA
GetDlgItem
CharNextA
wvsprintfA
UnregisterClassA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA
PropertySheetA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

3de3d818d51ec814f02444b72789f4a7

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 15KB