db104de2ffe8e1661195f8aee122ff48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db104de2ffe8e1661195f8aee122ff48_JaffaCakes118
Size

3.9MB
MD5

db104de2ffe8e1661195f8aee122ff48
SHA1

19772c382b95d35eaf497b9b16398ce203fe975b
SHA256

84b9cf223ec7e0befc1dc73f107917f7b2b091fe2a8814c07bd2ece24fa39375
SHA512

a05d0da329498ef97cb0d087b00b563a134df6a87d1b4b96654164e6feac24db047c95b03b48afc74205dff722d8a01c18cd763a489d593d09876cf9edc659a6
SSDEEP

49152:D5LU4tt03fzzIXJ+/+hWZLwd8h5K+WEqvXQpeyN9qvFhY5MU4DbWrcbF4wr1H09U:DKJmJ+/IxdMc9XQIB9SqTbWELRBh+i7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CiC_assistan_win.exe

Files

db104de2ffe8e1661195f8aee122ff48_JaffaCakes118
.rar
CiC_assistan_win.exe
.exe windows:5 windows x86 arch:x86

9d20ca7a919011909c289b529d6a4d24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
CreateFileMappingW
UnmapViewOfFile
GetThreadPriority
GetCurrentThread
ResetEvent
TlsFree
TlsAlloc
TerminateThread
SetThreadPriority
TlsSetValue
ResumeThread
WaitForMultipleObjects
MapViewOfFile
TlsGetValue
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindNextFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetLogicalDrives
GetFileTime
DeviceIoControl
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CopyFileW
GetCurrentDirectoryW
GetFileAttributesExW
SetFilePointerEx
GetFileInformationByHandle
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
CreateEventW
SetEvent
GetProcAddress
OutputDebugStringW
GetModuleFileNameW
GetTimeFormatW
GetDateFormatW
FormatMessageW
LocalFree
GetLocalTime
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetCommandLineW
GetUserDefaultLCID
CompareStringW
GetDriveTypeW
GlobalSize
FindFirstFileW
FindClose
LoadLibraryW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
IsValidLanguageGroup
IsValidLocale
GetUserDefaultLangID
GetLocaleInfoW
SetErrorMode
InterlockedDecrement
GetVolumeInformationW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
LockFileEx
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetSystemTimeAsFileTime
GetSystemTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteFileW
GetFileAttributesW
DeleteFileA
GetFileAttributesA
CreateFileW
CreateFileA
LockFile
UnlockFile
GetFileSize
SetEndOfFile
FlushFileBuffers
WriteFile
GetCurrentThreadId
SetFilePointer
GetLastError
ReadFile
CloseHandle
Sleep
AreFileApisANSI
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle

user32

IsChild
SetFocus
GetFocus
GetActiveWindow
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
EnableMenuItem
GetSystemMenu
DestroyIcon
UnhookWindowsHookEx
ReleaseCapture
SetForegroundWindow
SetWindowPos
UpdateWindow
ScrollWindowEx
AdjustWindowRectEx
SetCapture
SetCursor
DestroyWindow
ClientToScreen
ScreenToClient
SetWindowTextW
SendMessageW
GetSystemMetrics
ShowWindow
InvalidateRect
MoveWindow
SetWindowRgn
SetParent
IsZoomed
IsIconic
IsWindowVisible
GetWindowRect
SetWindowPlacement
GetWindowPlacement
GetClientRect
ValidateRgn
CreateWindowExW
GetDesktopWindow
MessageBeep
FlashWindowEx
GetCaretBlinkTime
GetKeyState
PostMessageW
PeekMessageW
SetCaretBlinkTime
SetDoubleClickTime
GetDoubleClickTime
GetParent
WindowFromPoint
GetSysColor
EndPaint
BeginPaint
InvalidateRgn
GetUpdateRect
ClipCursor
GetCursorPos
UnregisterClassW
GetWindowRgn
DefWindowProcW
RegisterClassW
GetSysColorBrush
LoadImageW
GetClassInfoW
DestroyCursor
SetCursorPos
CreateIconIndirect
CreateCursor
RegisterWindowMessageW
GetKeyboardLayoutList
TranslateMessage
HideCaret
CreateCaret
SetCaretPos
DestroyCaret
DrawIconEx
GetIconInfo
RegisterClipboardFormatW
LoadIconW
ChangeClipboardChain
SetClipboardViewer
GetKeyboardLayout
ToUnicode
GetDC
ReleaseDC
ToAscii
MapVirtualKeyW
TrackPopupMenuEx
SetMenuItemInfoW
GetKeyboardState
GetMenu
GetClipboardFormatNameW
CharNextExA
SetTimer
KillTimer
DispatchMessageW
MsgWaitForMultipleObjectsEx

shell32

SHGetFileInfoW
ShellExecuteW

ole32

OleUninitialize
DoDragDrop
CoCreateInstance
CoLockObjectExternal
RegisterDragDrop
OleInitialize
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
CoInitialize
CoCreateGuid
StringFromGUID2
CoUninitialize
RevokeDragDrop

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey

ws2_32

WSAAsyncSelect

gdi32

CreateRectRgn
CreateEllipticRgn
GetObjectW
GetStockObject
RealizePalette
SelectPalette
PtInRegion
GetFontData
SelectObject
CreateFontIndirectW
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetPaletteEntries
CreatePalette
GetDIBits
GetRegionData
CreateBitmap
BitBlt
CreateCompatibleBitmap
GdiFlush
SelectClipRgn
CombineRgn
OffsetRgn
CreateDIBSection
GetDeviceCaps
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

oleaut32

VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext

winmm

PlaySoundW

msvcp90

?uncaught_exception@std@@YA_NXZ

msvcr90

_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_vsnprintf_s
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_wassert
_beginthread
_beginthreadex
_endthreadex
_getpid
_wchmod
_open_osfhandle
_getdrive
_wgetdcwd
_get_osfhandle
_write
fgets
feof
_fseeki64
_read
fclose
_errno
_ftelli64
_lseeki64
_fileno
_CIasin
_clearfp
_control87
_get_tzname
isalpha
isupper
exit
getenv_s
rand
_controlfp_s
_tzset
_gmtime64_s
_localtime64_s
_mktime64
_waccess
memchr
??0exception@std@@QAE@XZ
strtod
fflush
fwrite
fread
abort
_snprintf
__iob_func
fprintf
longjmp
__CxxLongjmpUnwind
_setjmp3
strcpy_s
strstr
sscanf_s
_close
calloc
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
_CIlog
_CIacos
wcsrchr
bsearch
floor
_localtime64
memcpy
__CxxFrameHandler3
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
ceil
_CIpow
_CIatan2
_CIsqrt
_flushall
_CItan
_CIsin
_CIatan
_CIcos
??_V@YAXPAX@Z
strchr
toupper
memmove
realloc
tolower
strncmp
isalnum
isxdigit
atoi
isdigit
isspace
memset
free
_CxxThrowException
malloc

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CiC_asstan_linux.zip
.zip
CiC_assistan_linux
.elf linux x86
sqldrivers/libqsqlite.so
.elf linux x86
readme.txt
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9d20ca7a919011909c289b529d6a4d24

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

ws2_32

gdi32

comdlg32

oleaut32

imm32

winmm

msvcp90

msvcr90

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 29KB - Virtual size: 43KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 29KB - Virtual size: 43KB

.rsrc
Size: 6KB - Virtual size: 6KB