ebc3c0b0ed405b40b83dac9d6d384ead_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ebc3c0b0ed405b40b83dac9d6d384ead_JaffaCakes118
Size

4.3MB
MD5

ebc3c0b0ed405b40b83dac9d6d384ead
SHA1

a43c86d4acf1da39b122d70827abcf7eb2fbdb92
SHA256

01539ced3c416319039fc0a77c9ccd48033a36fca0c9d7ff6ea85dbdadbc3198
SHA512

cd6171c77cf29b49c29a7017a52d636642e84ee951dca4131edf43cc2f3ab5df497b683d40f2e5410d7d7944ce7d88f0e1596ed2820e758498c81ce86987cffd
SSDEEP

98304:dcx+VoA5coDa7C9y0+8FupUUult2QZHxZb1KB:d1JiW2TkUpvult247bAB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_Class/Setup.exe

Files

ebc3c0b0ed405b40b83dac9d6d384ead_JaffaCakes118
.zip
e_Class/Setup.exe
.exe windows:4 windows x86 arch:x86

1587667a9213858ec359e2a9b06626fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
GetCommandLineA
AddAtomA
HeapAlloc
HeapFree
LockResource
LoadResource
FindResourceA
FindResourceExA
SetErrorMode
SetEvent
FormatMessageA
InterlockedDecrement
CreateProcessA
OpenEventA
lstrcpyA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
GetFileAttributesA
GetLastError
CreateDirectoryA
GetShortPathNameA
GetWindowsDirectoryA
SetFileAttributesA
SetLastError
lstrlenA
CompareStringA
CompareStringW
GetVersionExA
GlobalLock
GetPrivateProfileIntA
GetPrivateProfileStringA
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
GetAtomNameA
DeleteFileA
Sleep
CloseHandle
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalFree
MultiByteToWideChar
CreateFileA
CopyFileA
LocalFree
GlobalAlloc

user32

EndDialog
SetWindowLongA
DialogBoxIndirectParamA
GetWindowLongA
MessageBoxA
GetDlgItem
SendMessageA
DestroyWindow
GetClientRect
GetWindowRect
MoveWindow
CharUpperA
CharLowerA
wsprintfA
PeekMessageA
GetDC
ReleaseDC
CreateDialogParamA
BeginPaint
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadImageA
GetDesktopWindow
CreateDialogIndirectParamA
EndPaint
SetDlgItemTextA
CharNextA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoFreeAllLibraries

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
VariantClear

lz32

LZClose
LZOpenFileA
LZCopy

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e_Class/Setup.ini
e_Class/Setup.inx
e_Class/data1.cab
e_Class/data1.hdr
e_Class/data2.cab
e_Class/ikernel.ex_
e_Class/layout.bin
e_Class/setup.bmp
redme.txt
ƽ....url
ྫ.url

Sharing

General

Malware Config

Signatures

Files

1587667a9213858ec359e2a9b06626fd

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

lz32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 127KB - Virtual size: 127KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 127KB - Virtual size: 127KB