ba46983f003c7146e1def014d309db68_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba46983f003c7146e1def014d309db68_JaffaCakes118
Size

2.9MB
MD5

ba46983f003c7146e1def014d309db68
SHA1

6259cd12f471e50acd5eb7926b6798a8338a57d1
SHA256

842abf693b2677dd34aad5f84cc196796ee60263a28dda3cded71d7aa7903b2e
SHA512

286041cda4e47d3317a7cac76f86fb9528ea88f2a248192f36617c63fd2b36bd534038b80a9b9434b5b00669aa5af61932d3f7d2263a85b4756cbb32a071dfc4
SSDEEP

49152:taD3z4LGLdIfkOP4R+Oic9s9in3r5mWTCzVEZcrqcU6SzaLJ1if49m1MAHlt+fPR:taU2dKz4ENc9smr5mTzUcrqcUvaLM4kW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

ba46983f003c7146e1def014d309db68_JaffaCakes118
.rar
Setup.msi
.msi
setup.exe
.exe windows:5 windows x86 arch:x86

cb095c2cb0f321ce2815765d4fa0565e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
EndUpdateResourceA
MultiByteToWideChar
IsValidCodePage
GetDiskFreeSpaceExA
Sleep
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
SetEvent
FormatMessageA
LocalFree
CreateProcessA
GetModuleFileNameA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
CompareStringA
GetSystemInfo
GetCurrentProcess
GetFileAttributesA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
CopyFileA
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
GetWindowsDirectoryA
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
RaiseException
RtlUnwind
GetModuleHandleA
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetOEMCP
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
MulDiv
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
WriteFile
GetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
GetLocaleInfoA
GetVersionExA
GetThreadLocale
InterlockedExchange
GetACP
GetCurrentProcessId
UpdateResourceA
BeginUpdateResourceA
LocalAlloc
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateProcessW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion

gdi32

CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject

user32

ScreenToClient
SetClassLongA
LoadCursorA
SetCursor
LoadIconA
LoadImageA
SetFocus
GetFocus
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
SetWindowTextA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
ShowWindow
SetForegroundWindow
MoveWindow
CreateDialogParamA
CreateDialogIndirectParamA
SendMessageA
GetClientRect
ShowScrollBar
SendDlgItemMessageA
SystemParametersInfoA
GetWindowRect
CharNextA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
DrawTextW
ReleaseDC
GetDialogBaseUnits
GetDC
LoadStringA
MessageBoxW

ole32

CoUninitialize
CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteExA

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

cb095c2cb0f321ce2815765d4fa0565e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

ole32

shell32

Sections

.text Size: 283KB - Virtual size: 282KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 162KB - Virtual size: 162KB

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 162KB - Virtual size: 162KB