d737ccaec0e7c4ef4d505bcc07948976_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d737ccaec0e7c4ef4d505bcc07948976_JaffaCakes118
Size

177KB
MD5

d737ccaec0e7c4ef4d505bcc07948976
SHA1

9eccb56a18f4f47d9f177efe570096f27edc15c3
SHA256

89c3040acb2a14fdb9ea1e7c077caa1df58cb56d296ceaeee63e3e26f83b40de
SHA512

7e8a6d4c122c47865b47248f93f6086b97f0d90af0f6b46b55ae927e3c1d448f414172da57ba86b2442a8fdd423d4fc8cc8f0533fa78ff29afa8e9eaebacff57
SSDEEP

3072:zGl0FTIOynmk5GbiRisCTkgaO5S4AgfacRmJtGJQDlYwOC5TXQn:zGlgIOynmkMiAsCTkhO5SOcjeIlYeTXi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xiaobaizysd/HomeLock.exe

Files

d737ccaec0e7c4ef4d505bcc07948976_JaffaCakes118
.rar
@Readme.txt
xiaobaizysd/HomeLock.exe
.exe windows:4 windows x86 arch:x86

e0f2f176fd3565b9303d485028d83ee3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4218
ord2578
ord6055
ord4078
ord1776
ord4398
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3582
ord1146
ord1168
ord860
ord556
ord540
ord567
ord324
ord2301
ord2298
ord2358
ord2289
ord2370
ord2302
ord4234
ord5875
ord4476
ord2642
ord3092
ord1105
ord2023
ord1088
ord2122
ord4299
ord6199
ord4710
ord2379
ord3626
ord3706
ord2414
ord1641
ord3663
ord3571
ord755
ord640
ord2405
ord537
ord6172
ord5788
ord5794
ord5785
ord1640
ord323
ord470
ord5280
ord1795
ord3619
ord2575
ord4396
ord3574
ord609
ord2243
ord4275
ord3693
ord613
ord5873
ord4133
ord4297
ord472
ord5789
ord289
ord3874
ord4284
ord2411
ord3597
ord4425
ord4407
ord1775
ord6052
ord4998
ord4853
ord4376
ord5265
ord1134
ord2621
ord6215
ord2514
ord809
ord800
ord616
ord641
ord823
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6334
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
_setmbcp
_strlwr
strncpy
sprintf
time
fclose
fopen
__CxxFrameHandler
_wfopen
fread
wcscat
wcscpy
fwrite
ftell
fseek
strtoul
_controlfp
isdigit
_stricmp
rand
srand
free
malloc
__dllonexit

kernel32

LoadResource
FindResourceA
CreateProcessA
SetCurrentDirectoryW
SetFileAttributesW
SizeofResource
CreateDirectoryW
GetModuleFileNameA
CopyFileA
GetStartupInfoA
CopyFileW
MoveFileExA
DeleteFileA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
Sleep
GetLastError
CreateMutexA
LoadLibraryA
CloseHandle
Process32First
Process32Next
OpenProcess
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetSystemDirectoryA
WaitForSingleObject
GetFileAttributesW
GetVersionExA
VirtualFreeEx

user32

LoadCursorA
SetCursor
KillTimer
InvalidateRect
GetWindowRect
GetCursorPos
GetIconInfo
DestroyIcon
DrawStateA
SetTimer
EnableWindow
MessageBoxA
LoadBitmapA
ScreenToClient
PtInRect
SetWindowRgn
SendMessageA
GetClientRect
LoadIconA

gdi32

StretchBlt
CreatePen
RoundRect
DeleteObject
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
Rectangle
BitBlt
CreateRoundRectRgn
GetStockObject
CreateSolidBrush
CreateRectRgn

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 716KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xiaobaizysd/第一次运行先退出360、金山卫士、金山毒霸、电脑管家.txt
呢小.url
.url
绿色软件下载.url
.url

Sharing

General

Malware Config

Signatures

Files

e0f2f176fd3565b9303d485028d83ee3

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 716KB - Virtual size: 714KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 716KB - Virtual size: 714KB