b673061a683c045d5ebc6ab6d682ad57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b673061a683c045d5ebc6ab6d682ad57_JaffaCakes118
Size

333KB
MD5

b673061a683c045d5ebc6ab6d682ad57
SHA1

c4acfa34419be5222f3b24a702ff635848e2edaa
SHA256

fd0bdd159c68b6562dfc4c42b10af55af1b3ade2ad95f400bd20826e6cefc7be
SHA512

b39fb1c59bc14c1114ef3a3b0a6e87df06ebc51120bb09f210ed140e829ac184128f957528c2fafcf123a54ce55bd7a713d14a752bb30bfb7725512d15a5e81f
SSDEEP

6144:dGTWB/1+hy4u9j9zmyt+NW7aeZcfZaF+eQI4gixqTlcZP9aKWmlzuAC7ra/:UiB/1wuDypMzZcEFfigix8GZla2FuA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FastFolders-v4.1.2/FFSetup.exe

Files

b673061a683c045d5ebc6ab6d682ad57_JaffaCakes118
.rar
FastFolders-v4.1.2/FFSetup.exe
.exe windows:5 windows x86 arch:x86

bde5686b40c5a336bbb398b532986608

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\DeskSoft\Internal\Components\Setup\Release\Setup.pdb

Imports

shlwapi

PathIsRelativeA
PathIsNetworkPathA
SHDeleteKeyA

kernel32

ReadFile
CopyFileA
SetFilePointer
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
CreateDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
OpenProcess
GetCurrentProcess
GetDiskFreeSpaceA
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
lstrlenA
GetTempPathA
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
CreateFileA
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapSize
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetFileSize
CreateFileMappingA
MapViewOfFile
WriteFile
UnmapViewOfFile
TerminateProcess
CreateProcessA
GetExitCodeProcess
CloseHandle
GetModuleHandleA
GetProcAddress
RemoveDirectoryA
FindFirstFileA
DeleteFileA
Sleep
FindNextFileA
FindClose
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
FlushFileBuffers
GetStringTypeW
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
RtlUnwind
GetLastError
HeapFree
HeapAlloc
ExitThread
CreateThread

user32

DialogBoxParamA
SystemParametersInfoA
EnumWindows
GetClassNameA
ExitWindowsEx
FindWindowExA
GetWindowThreadProcessId
PostMessageA
LoadIconA
SetClassLongA
CreateDialogParamA
EnableWindow
SetDlgItemTextA
ShowWindow
EndDialog
SendDlgItemMessageA
LoadStringA
SetForegroundWindow
MessageBoxA
EnumChildWindows
SetWindowTextA
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
GetDlgItemTextA
GetDC
ReleaseDC
MoveWindow
CreateIconFromResource
GetFocus
DrawFocusRect
InvalidateRect
SetFocus
GetDlgItem
GetClientRect
MapWindowPoints
CreateWindowExA
SetWindowLongA
GetWindowTextA
RegisterClassA
GetWindowLongA
BeginPaint
FillRect
DrawTextA
DrawIconEx
EndPaint
DefWindowProcA
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DestroyWindow

gdi32

CreateFontA
CreateFontIndirectA
SetBkMode
SetTextColor
GetStockObject
SelectObject
DeleteObject

advapi32

GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegEnumValueA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
ord680

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FastFolders-v4.1.2/Readme.txt
FastFolders-v4.1.2/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

bde5686b40c5a336bbb398b532986608

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 7KB - Virtual size: 24KB

.rsrc Size: 61KB - Virtual size: 60KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 7KB - Virtual size: 24KB

.rsrc
Size: 61KB - Virtual size: 60KB