8de44aed5f0e52fa85139e9e1ab77bc3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8de44aed5f0e52fa85139e9e1ab77bc3_JaffaCakes118
Size

10.6MB
MD5

8de44aed5f0e52fa85139e9e1ab77bc3
SHA1

bd909a9bbf4db258a83ad97bf8defbb6268a84cd
SHA256

ac1b1d25d142332b85c5514f2d356f379fc3ea7678de951b76d5c7df749a10d3
SHA512

08e24d777f791027430aea1d3e2b8a2e1e2f8a4f19f419d986d40b80e7a60c3e0e92ee3ed75aebfdd0c7b1a9ade326e1e3c326a210d4cb63679a3231f0addbf0
SSDEEP

196608:45LilMZcgpfd7kIeispay2PnvzVSeAZ7zwyKQCcaKOTtEhyGxL:4FilMZcapUzcJZcZ7Ey7GEhH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rfwolusrfree.exe

Files

8de44aed5f0e52fa85139e9e1ab77bc3_JaffaCakes118
.rar
rfwolusrfree.exe
.exe windows:4 windows x86 arch:x86

1db406b49d3ec30534df4c5b8a3e90bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
lstrcatA
lstrcpyA
CreateThread
DeleteFileA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileSize
CreateFileA
GetModuleFileNameA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetVersionExA
GetFileAttributesA
GetTempPathA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
WriteFile
GetCommandLineA
SetFilePointer
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
GetACP
CreateDirectoryA
lstrcpynA
SetLastError
LoadLibraryA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
CreateMutexA
ReleaseMutex
GetLastError
ReadFile
CloseHandle
RtlUnwind
HeapAlloc
HeapFree
SetEndOfFile
GetFileType
GetVersion
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate

user32

LoadStringA
SetWindowTextA
MessageBoxA
GetDlgItem
GetSystemMenu
PostMessageA
GetMenuItemCount
EnableMenuItem
EnableWindow
SendMessageA
IsWindowVisible
KillTimer
ShowWindow
EndDialog
SetTimer
DialogBoxParamA
GetMenuItemID

gdi32

DeleteObject
CreateFontA

comctl32

ord17

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

1db406b49d3ec30534df4c5b8a3e90bb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 1.0MB

.rsrc Size: 176KB - Virtual size: 174KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 1.0MB

.rsrc
Size: 176KB - Virtual size: 174KB