d488f9f83678b72f3708ae346a47c553_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d488f9f83678b72f3708ae346a47c553_JaffaCakes118
Size

1.2MB
MD5

d488f9f83678b72f3708ae346a47c553
SHA1

00b621b1a8ba8901d1a95d49a7a6976596d63eda
SHA256

38d48ba0f727ed74266910130b8e22c2e4c740bda1caed8570795379b692d65c
SHA512

06e809d297828c39bb8ff00ff77f4470d2576cb357b829c1f6c15bddb284a3998b3d90f5881969514fcde9982eb0b4558432ba1758f53f029617b5848f090502
SSDEEP

24576:9lsiyJh0XWB5homkNNDROSjjdYgFGfgCKyIQvtRTe8fDW6jTSlX24IxIux6:3s8XW7Zk/DRb1ZF9yD+mW6jFf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_TweakWindow-v1.5/TWHook.dll
unpack001/ha_TweakWindow-v1.5/TweakWin.exe

Files

d488f9f83678b72f3708ae346a47c553_JaffaCakes118
.rar
ha_TweakWindow-v1.5/License.txt
ha_TweakWindow-v1.5/Order.txt
ha_TweakWindow-v1.5/ReadMe.txt
ha_TweakWindow-v1.5/TWHook.dll
.dll windows:4 windows x86 arch:x86

f885b50f8ecb9a3767f3eca6bbe4d16d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

InitCommonControlsEx
ord17
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

shell32

ShellExecuteA
DuplicateIcon

kernel32

GetVersionExA
GetModuleFileNameA
GetCurrentProcessId
CloseHandle
FlushFileBuffers
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
SetStdHandle
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
HeapReAlloc
VirtualAlloc
GetModuleHandleA
LeaveCriticalSection
LoadLibraryA
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualQuery
InterlockedExchange
GetCommandLineA
GetCurrentThreadId
GetProcAddress
GetSystemTime
EnterCriticalSection
ExitProcess
RtlUnwind

user32

GetWindowRect
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA
GetWindowTextA
SetCapture
ScreenToClient
ReleaseCapture
TrackPopupMenu
PtInRect
GetSystemMenu
RemoveMenu
GetMenuItemCount
IsWindowVisible
WindowFromPoint
SetCursorPos
EnumChildWindows
GetIconInfo
EnableMenuItem
CheckMenuItem
GetWindowDC
DrawIconEx
ReleaseDC
CallNextHookEx
OffsetRect
RegisterWindowMessageA
LoadImageA
CreatePopupMenu
AppendMenuA
DestroyMenu
GetAsyncKeyState
ShowWindow
GetCursorPos
GetSystemMetrics
SendMessageTimeoutA
InvalidateRect
SetWindowPos
GetPropA
SetWindowLongA
RemovePropA
SetPropA
RedrawWindow
PostMessageA
UpdateWindow
CreateDialogParamA
SetForegroundWindow
BringWindowToTop
GetDlgItem
SetFocus
DestroyWindow
GetParent
SetActiveWindow
EnableWindow
DestroyIcon
IsWindow
SendMessageA
GetClassLongA
EnumWindows
GetClassNameA
GetWindow
MessageBoxA
GetDesktopWindow
GetWindowLongA
GetAncestor
TrackMouseEvent

gdi32

CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

DeleteTWHook
SetHookOptions
SetTWHook2
SetTempHookOptions
SetTransparent
TW_TrackMouseEvent

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha_TweakWindow-v1.5/TweakWin.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha_TweakWindow-v1.5/TweakWindow.chm
.chm
ha_TweakWindow-v1.5/新云软件.url
.url
ha_TweakWindow-v1.5/汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

f885b50f8ecb9a3767f3eca6bbe4d16d

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 24KB

Shared Size: 4KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 45KB

.reloc Size: 8KB - Virtual size: 6KB

Headers

File Characteristics

Sections

Size: 356KB - Virtual size: 356KB

Size: 84KB - Virtual size: 84KB

Size: 28KB - Virtual size: 28KB

.rsrc Size: 132KB - Virtual size: 132KB

.data Size: 160KB - Virtual size: 160KB

.adata Size: 4KB - Virtual size: 4KB

.mackt Size: 8KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 24KB

Shared
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 45KB

.reloc
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 132KB - Virtual size: 132KB

.data
Size: 160KB - Virtual size: 160KB

.adata
Size: 4KB - Virtual size: 4KB

.mackt
Size: 8KB - Virtual size: 8KB