a50e2086c52cea3d3677f819549624e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a50e2086c52cea3d3677f819549624e5_JaffaCakes118
Size

183KB
MD5

a50e2086c52cea3d3677f819549624e5
SHA1

4e77a5de6cd36ca95636ab0967916e4ada16f654
SHA256

545c113c29c65c704b92a426d90485eddffbf53170c4d24128d75a7891d460bb
SHA512

603a22067971c245bb0f3e031aef2fb909e2edc10e09e74e7f54701f55e1039ec410967181a18a0339aa0569ba101235186fe09a376e73b8223baa752c1e4a4e
SSDEEP

3072:ymx627Gf2rZf4/UsxJW1qPSeyYYgYnoYqvjfVd0sD26VXUnkjw4eExupALH24BZy:ymc2K6Zf48sx4QPvyHnoFf8ZcX8JDExW

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LCleaner/LCleaner.exe
unpack001/LCleaner/lua5.1.dll

Files

a50e2086c52cea3d3677f819549624e5_JaffaCakes118
.rar
LCleaner/LCleaner website.url
LCleaner/LCleaner.exe
.exe windows:4 windows x86 arch:x86

b6fde1ff96773a901df4149f0fb553c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

lua5.1

lua_getinfo
lua_getstack
lua_toboolean
lua_pushboolean
lua_isstring
lua_tointeger
luaL_newstate
luaopen_base
luaopen_table
luaopen_string
luaopen_math
luaopen_debug
lua_atpanic
luaL_loadfile
lua_pcall
lua_close
lua_rawget
lua_pushnumber
lua_pushcclosure
lua_settable
lua_pushnil
lua_createtable
lua_pushlightuserdata
lua_rawseti
lua_type
lua_touserdata
lua_tonumber
lua_remove
lua_pushstring
lua_error
luaL_unref
lua_getfield
luaL_ref
lua_rawgeti
lua_setfield
lua_settop
lua_gettop
lua_tolstring

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
MulDiv
LockResource
FindResourceExA
GetUserDefaultLangID
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CloseHandle
FindClose
DeleteFileA
RemoveDirectoryA
FindNextFileA
FindFirstFileA
CreateMutexA
CreateFileMappingA
OpenFileMappingA
GetFileSize
CreateFileA
CompareFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetProcAddress
LoadLibraryA
GetVersionExA
CreateThread
GetCurrentThreadId
GetCompressedFileSizeA
GetDiskFreeSpaceA
GetFileAttributesExA
WinExec
lstrcatA
VirtualFree
WriteFile
SetFilePointer
VirtualAlloc
ExpandEnvironmentStringsA
GetFileAttributesA
GetTempPathA
SetFileAttributesA
VirtualProtect
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadStringPtrA
lstrcpynA
lstrcpyA
lstrcmpA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
lstrcmpiA
lstrlenA
CompareStringA
GetCurrentProcess
GetSystemInfo
FlushInstructionCache
RaiseException
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
Sleep
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
InterlockedExchange
VirtualQuery

user32

GetMonitorInfoA
AppendMenuA
LoadImageA
DrawFrameControl
DrawStateA
TrackPopupMenuEx
GetSubMenu
GetMenuItemInfoA
GetMenuItemCount
PostMessageA
InsertMenuItemA
DestroyIcon
CreatePopupMenu
DrawIconEx
GetClassInfoExA
CreateDialogParamA
RedrawWindow
IsWindowVisible
RegisterClassExA
GetSystemMetrics
LoadMenuA
UnregisterClassA
DestroyMenu
SetScrollInfo
SetScrollPos
GetScrollPos
ShowWindow
IsZoomed
IsIconic
GetFocus
GetCursorPos
GetCapture
GetScrollRange
SetCursor
DrawFocusRect
PtInRect
SetFocus
SetCapture
IsWindowEnabled
ScreenToClient
GetDlgCtrlID
CharLowerA
GetActiveWindow
DialogBoxParamA
DestroyWindow
InflateRect
CharUpperBuffA
IsCharAlphaNumericA
InvalidateRect
UpdateWindow
GetSysColor
EndPaint
BeginPaint
CallWindowProcA
GetClassNameA
LoadCursorA
OffsetRect
ReleaseDC
SetForegroundWindow
GetMessagePos
TrackPopupMenu
SetRectEmpty
GetScrollInfo
GetDC
CharNextA
DefWindowProcA
DrawTextA
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
ReleaseCapture
MonitorFromPoint
SetWindowPos
IsWindow
GetDlgItem
GetParent
GetClientRect
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
CreateWindowExA
SetWindowLongA
EndDialog
FillRect
EnableWindow

gdi32

LineTo
ExtCreatePen
BitBlt
GetTextColor
GetDeviceCaps
MoveToEx
CreatePen
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
Rectangle
CreateSolidBrush
GetTextMetricsA
GetTextExtentPoint32A
SetTextColor
SetBkMode
RestoreDC
SaveDC
SetBkColor
ExtTextOutA
GetStockObject
CreateFontIndirectA
DeleteDC
SelectObject
GetBkColor
GetObjectA
DeleteObject

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHGetFileInfoA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

StrFormatByteSize64A

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_LoadImageA
ImageList_Destroy
ImageList_GetIcon
InitCommonControlsEx
ImageList_DrawEx

msimg32

GradientFill

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LCleaner/Scripts/Desktop History/Common Dialogs MRU.lua
LCleaner/Scripts/Desktop History/Map Network Drives MRU.lua
LCleaner/Scripts/Desktop History/Regedit Recent Key.lua
LCleaner/Scripts/Desktop History/Run MRU.lua
LCleaner/Scripts/Desktop History/Windows Search History.lua
LCleaner/Scripts/Desktop History/category.lua
LCleaner/Scripts/Desktop History/recent documents.lua
LCleaner/Scripts/Google Toolbar.lua
LCleaner/Scripts/MS Front Page.lua
LCleaner/Scripts/MS Media Player Recent Files.lua
LCleaner/Scripts/MS Office 2003/Outlook Exhange Cache Files.lua
LCleaner/Scripts/MS Office 2003/category.lua
LCleaner/Scripts/MS Office Recent Files.lua
LCleaner/Scripts/MS Outlook Express.lua
LCleaner/Scripts/MS Visual Studio MRU.lua
LCleaner/Scripts/Temporary Files/category.lua
LCleaner/Scripts/Temporary Files/system temporary.lua
LCleaner/Scripts/Temporary Files/user temporary.lua
LCleaner/Scripts/WinAMP.lua
LCleaner/Scripts/WinRAR.lua
LCleaner/Scripts/Windows/Windows Dumps.lua
LCleaner/Scripts/Windows/Windows Hotfix Uninstall.lua
LCleaner/Scripts/Windows/Windows Logs.lua
LCleaner/Scripts/Windows/Windows Prefetch.lua
LCleaner/Scripts/Windows/category.lua
LCleaner/Scripts/cross.ico
LCleaner/Scripts/recycle bin.lua
LCleaner/license.txt
LCleaner/lua5.1.dll
.dll windows:4 windows x86 arch:x86

4b4e3e21f70994deeca6da6c034ca7ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
DisableThreadLibraryCalls

msvcr71

strchr
longjmp
exit
isspace
localeconv
isalnum
isalpha
isdigit
iscntrl
strtod
sprintf
strncat
strncpy
strcspn
strtoul
strcoll
free
strerror
ungetc
strstr
_errno
fopen
fread
fprintf
_iob
realloc
fclose
getc
fputs
fgets
fscanf
tmpfile
_pclose
fflush
_popen
floor
fwrite
ftell
fseek
clearerr
ceil
modf
ldexp
rand
srand
frexp
_HUGE
rename
gmtime
tmpnam
mktime
system
remove
clock
localtime
strftime
time
setlocale
getenv
difftime
memchr
ispunct
tolower
isupper
toupper
islower
strpbrk
isxdigit
strrchr
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
setvbuf
_setjmp3
_CIpow
_CIfmod
_CIacos
_CIasin
_CItanh
_CIcosh
_CIsinh

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaP_opmodes
luaP_opnames
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LCleaner/readme.txt
LCleaner/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

b6fde1ff96773a901df4149f0fb553c6

Headers

File Characteristics

Imports

version

lua5.1

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 8KB

4b4e3e21f70994deeca6da6c034ca7ba

Headers

File Characteristics

Imports

kernel32

msvcr71

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 40B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 40B

.reloc
Size: 8KB - Virtual size: 5KB