c06a5c3eda4405f33b57c94da8884945_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c06a5c3eda4405f33b57c94da8884945_JaffaCakes118
Size

801KB
MD5

c06a5c3eda4405f33b57c94da8884945
SHA1

d89ab82d0a1f6450fb7c5946f838d06e079869de
SHA256

458264aa0e605ef5c3b40c40652cdea84f3ef550b44e0c65ecb38966ae9a4968
SHA512

a32ea661d8c367ce6eba2b4b1fa2fa3d90494b0dd8366712427e30a698e13273b82a2b404ce4d0f1d7e7b4b5c96ffc096bd56491e88248d5c3ab714df01b3c3f
SSDEEP

12288:fKfQvHuuH3ELDqw2eRts8A9k/9yZt1a4c20PdJRP2FE/lSCRcjWaMHa:fIQvHVdwXtcdf1aAoPXtSgLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AnyiSafe/AnyiSafe.exe
unpack001/AnyiSafe/AnyiSafeEngine.exe
unpack001/AnyiSafe/DeviceWizard.exe

Files

c06a5c3eda4405f33b57c94da8884945_JaffaCakes118
.rar
AnyiSafe/AnyiSafe.exe
.exe windows:4 windows x86 arch:x86

f4b90dfe9f78200bcae7b128607e8c5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRetToBufW

kernel32

GetLocaleInfoA
FlushFileBuffers
CompareStringA
CompareStringW
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
SetCurrentDirectoryW
GetCommandLineW
SetLastError
GetLastError
SetFileAttributesW
GetTempPathW
GetModuleFileNameW
MultiByteToWideChar
LocalFree
FormatMessageW
GetFullPathNameW
CloseHandle
CreateProcessW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FindFirstFileW
FindClose
CreateEventW
DeleteCriticalSection
WaitForSingleObject
TerminateProcess
OpenProcess
GetCurrentThreadId
Sleep
SetEvent
ReleaseMutex
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
OpenFileMappingA
OpenEventA
CreateMutexA
VirtualQuery
OpenMutexA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
ExitProcess
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
GetFileType
CreateFileA
GetStringTypeW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
SetFilePointer
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetTimeZoneInformation
HeapSize
LCMapStringA
LCMapStringW
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA

user32

LoadAcceleratorsW
UpdateWindow
SendMessageW
IsWindowEnabled
FindWindowW
TrackMouseEvent
DefWindowProcW
LoadCursorW
SetCursor
SetWindowLongW
EndPaint
ReleaseDC
ScreenToClient
ClientToScreen
GetDC
BeginPaint
GetWindowLongW
GetMessageW
GetSystemMetrics
RegisterClassExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyIcon
RegisterWindowMessageW
DestroyMenu
MoveWindow
GetWindowRect
GetClientRect
DrawFrameControl
DrawTextW
LoadImageW
wsprintfW
TranslateMessage
DispatchMessageW
CreateWindowExW
ShowWindow
IsWindowVisible
SetTimer
PostMessageW
CreateMenu
CreatePopupMenu
AppendMenuW
GetCursorPos
TrackPopupMenu
PostQuitMessage
EnableWindow
InvalidateRect
DestroyWindow
MessageBoxW
SetForegroundWindow
LoadIconW
TranslateAcceleratorW

shell32

SHBindToParent
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconW

ole32

CoInitializeEx

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

gdi32

CreateFontW
StretchBlt
CreatePen
SetTextColor
GetStockObject
Polygon
CreateCompatibleDC
DeleteObject
GetObjectW
SetBkMode
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
BitBlt

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnyiSafe/AnyiSafeEngine.exe
.exe windows:4 windows x86 arch:x86

cffb40e89e3cb250347993760df08b39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
setsockopt
getsockopt
htons
bind
getsockname
socket
ioctlsocket
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
inet_addr
gethostbyname
WSASetLastError
accept
listen
__WSAFDIsSet
ntohs
select
htonl

kernel32

SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetStdHandle
FreeConsole
AllocConsole
GetCommandLineW
GetVolumeInformationW
GetVersionExA
LocalFree
SetFileAttributesW
GetDiskFreeSpaceExW
CreateFileW
GetExitCodeProcess
CreateProcessW
GetModuleHandleW
CreateMutexW
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
DuplicateHandle
GetCurrentProcess
ReleaseMutex
WaitForMultipleObjects
CreateEventA
CreateMutexA
GetExitCodeThread
TerminateThread
Sleep
GetTickCount
ExpandEnvironmentStringsA
FormatMessageA
GetLastError
GetDriveTypeW
OpenProcess
CloseHandle
GetCurrentThreadId
CreateEventW
SetEvent
WaitForSingleObject
DeleteCriticalSection
SleepEx
InitializeCriticalSection
SetEnvironmentVariableW
EnterCriticalSection
GetCPInfo
SetLastError
MapViewOfFile
FlushFileBuffers
GetStartupInfoA
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
GetTimeZoneInformation
GetFullPathNameW
SetEndOfFile
RaiseException
LCMapStringW
LCMapStringA
GetCommandLineA
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetOEMCP
GetACP
FindFirstFileW
GetLogicalDriveStringsW
FindClose
FindNextFileW
FindFirstFileA
WideCharToMultiByte
GetTempPathW
TerminateProcess
CreateThread
ResetEvent
UnmapViewOfFile
SetHandleCount
CreateFileMappingA
OpenFileMappingA
OpenEventA
VirtualQuery
OpenMutexA
GetCurrentProcessId
GlobalMemoryStatus
QueryPerformanceCounter
HeapAlloc
WriteFile
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
SetStdHandle
GetFileType
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
SetFilePointer
HeapFree
GetProcessHeap
GetStartupInfoW
HeapReAlloc
ExitThread
CreateFileA
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
IsDebuggerPresent
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

MessageBoxW
MessageBoxA
MoveWindow
GetSystemMetrics
GetWindowRect
ShowWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxParamW
wsprintfA

advapi32

LookupAccountNameA
ConvertSidToStringSidA
GetUserNameA

shell32

ShellExecuteW
CommandLineToArgvW

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

Sections

.text
Size: 476KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnyiSafe/DeviceWizard.exe
.exe windows:4 windows x86 arch:x86

e655e2e3597f8a12f8bc2e1750c148b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRetToBufW

kernel32

GetLogicalDrives
GetFullPathNameW
CreateProcessW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CreateEventW
DeleteCriticalSection
WaitForSingleObject
TerminateProcess
OpenProcess
GetCurrentThreadId
SetEvent
GetTickCount
ReleaseMutex
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
OpenFileMappingA
OpenEventA
CreateMutexA
SetLastError
VirtualQuery
OpenMutexA
GetModuleFileNameW
MultiByteToWideChar
LocalFree
FormatMessageW
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetProcAddress
GetModuleHandleA
ExitProcess
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
GetFileType
CreateFileA
SetEnvironmentVariableA
SetFilePointer
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
GetDriveTypeW
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
HeapSize
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetLocaleInfoA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetVolumeInformationW
DeviceIoControl
GetLastError
CloseHandle
CreateFileW
GetFileSize
Sleep
SetCurrentDirectoryW
GetCurrentProcessId
TlsFree

user32

GetWindowLongW
CreateWindowExW
GetSystemMetrics
RegisterClassExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetClientRect
DrawFrameControl
DrawTextW
LoadImageW
MessageBoxW
wsprintfW
ClientToScreen
BeginPaint
ReleaseDC
EndPaint
SetWindowLongW
SetCursor
LoadCursorW
DefWindowProcW
TrackMouseEvent
SendMessageW
UpdateWindow
DestroyWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
ScreenToClient
ShowWindow
SetTimer
EnableWindow
InvalidateRect
PostQuitMessage
LoadIconW
GetDC

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHBindToParent
SHGetMalloc
ShellExecuteW

ole32

CoInitializeEx

comctl32

InitCommonControlsEx

gdi32

GetStockObject
GetObjectW
StretchBlt
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateFontW
CreateSolidBrush
CreatePen
SetBkMode
CreateCompatibleDC
SetTextColor
BitBlt

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnyiSafe/image/About.bmp
AnyiSafe/image/AddFile.bmp
AnyiSafe/image/BackupLog.bmp
AnyiSafe/image/BannerDeviceWizard.bmp
AnyiSafe/image/Delete.bmp
AnyiSafe/image/DeleteVersion.bmp
AnyiSafe/image/Device.bmp
AnyiSafe/image/DeviceMan.bmp
AnyiSafe/image/Eject.bmp
AnyiSafe/image/ListViewStyle.bmp
AnyiSafe/image/NewDevice.bmp
AnyiSafe/image/PanelTitle.bmp
AnyiSafe/image/RT_ButtonDown.bmp
AnyiSafe/image/RT_ButtonUp.bmp
AnyiSafe/image/RT_Edit.bmp
AnyiSafe/image/RT_Face.bmp
AnyiSafe/image/RT_Hilight.bmp
AnyiSafe/image/RT_Panel.bmp
AnyiSafe/image/RT_PanelGroup.bmp
AnyiSafe/image/RT_PanelTitle.bmp
AnyiSafe/image/RT_Toolbar.bmp
AnyiSafe/image/StopBackup.bmp
AnyiSafe/image/checkout.bmp
AnyiSafe/image/clock.bmp
AnyiSafe/image/copy.bmp
AnyiSafe/image/dropdown.bmp
AnyiSafe/image/folder.bmp
AnyiSafe/image/home.bmp
AnyiSafe/image/logo.bmp
AnyiSafe/image/open.bmp
AnyiSafe/image/password.bmp
AnyiSafe/image/refresh.bmp
AnyiSafe/image/refresh16.bmp
AnyiSafe/image/up.bmp
AnyiSafe/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

f4b90dfe9f78200bcae7b128607e8c5d

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

ole32

comctl32

advapi32

gdi32

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 352KB - Virtual size: 351KB

cffb40e89e3cb250347993760df08b39

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

gdi32

Sections

.text Size: 476KB - Virtual size: 472KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 36KB - Virtual size: 74KB

.rsrc Size: 344KB - Virtual size: 340KB

e655e2e3597f8a12f8bc2e1750c148b5

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

ole32

comctl32

gdi32

advapi32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 344KB - Virtual size: 340KB

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 352KB - Virtual size: 351KB

.text
Size: 476KB - Virtual size: 472KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 36KB - Virtual size: 74KB

.rsrc
Size: 344KB - Virtual size: 340KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 344KB - Virtual size: 340KB