c13cd5d4ab28737c04a0c7b4f71384f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c13cd5d4ab28737c04a0c7b4f71384f1_JaffaCakes118
Size

25KB
MD5

c13cd5d4ab28737c04a0c7b4f71384f1
SHA1

b58126f6979b3a1ba360e4ffec72ca8604d53842
SHA256

8019baba73618051c6cc1f546135a73e2c4aac1ae484603851ddb678b9fe5634
SHA512

bbbf37cd1f937a40adb925060969deab63749831ce7a6f9f8015c440fd5278ad13ba9534b82f2bd8ad77dd91d4216591f1c7ceeb09cc070aa33eae5d23bedc57
SSDEEP

768:MCAEl9uN3hmSFn2E5dUxfKfuV9bC31FTWq:TAEl9uN3IbECfKfur+31VX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zfgh-v1.0/字符批量替换精灵.exe

Files

c13cd5d4ab28737c04a0c7b4f71384f1_JaffaCakes118
.rar
zfgh-v1.0/字符批量替换精灵.exe
.exe windows:4 windows x86 arch:x86

9e3d7bdd54b07c7c752be2f81900bb61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetModuleHandleA
lstrcmpA
lstrcpynA
LoadResource
SetEndOfFile
SetFilePointer
CopyFileA
lstrcatA
lstrcpyA
CloseHandle
UnmapViewOfFile
MulDiv
CreateFileMappingA
FreeResource
LockResource
lstrlenA
WaitForSingleObject
SetEvent
FindClose
FindNextFileA
FindFirstFileA
SetThreadPriority
CreateThread
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalLock
GetFileSize
CreateFileA
MapViewOfFile
GlobalUnlock
ExitProcess
GetVersion
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapReAlloc
HeapFree
RtlUnwind
VirtualFree
WriteFile
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameA
GetStartupInfoA
GetCommandLineA
VirtualAlloc
GetOEMCP
TerminateProcess
HeapAlloc
GetCPInfo
GetACP

user32

GetDC
ReleaseDC
SetWindowPos
DialogBoxIndirectParamA
GetSystemMetrics
SetWindowTextA
GetParent
GetWindowRect
DefDlgProcA
SendMessageA
RegisterClassA
LoadIconA
LoadCursorA
IsDlgButtonChecked
CheckDlgButton
SetDlgItemInt
EndDialog
SetDlgItemTextA
GetDlgItem
EnableWindow
MessageBoxA
GetDlgItemTextA

gdi32

GetDeviceCaps
GetStockObject
GetObjectA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zfgh-v1.0/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9e3d7bdd54b07c7c752be2f81900bb61

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 68KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 68KB