ef5e45f553842e4aacd4a36f5bc2d641_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef5e45f553842e4aacd4a36f5bc2d641_JaffaCakes118
Size

7.3MB
MD5

ef5e45f553842e4aacd4a36f5bc2d641
SHA1

1126db638a1bdc74cda101db5210b630fb326d5b
SHA256

a1c24316fd474a37680b77d1a8e13774b271d7e5c8b4622a09298a59af8d73e9
SHA512

ba18de29f4857f48db1f09c78c0f925d5831b9779a1bf3494d6b2d59bab20ebedb9ae7343120286efc1ae3cbfba9a96cffc8b15bc208ccc527d8d7d6fe5ed40a
SSDEEP

196608:RJpVkEfX9JeeGXych5oJ6kpMEG3IckmhQf6Hvq3amH:RBaD5jkpTGblhQCHinH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack001/setup.exe

Files

ef5e45f553842e4aacd4a36f5bc2d641_JaffaCakes118
.rar
155绿色软件站.url
.url
Auto-MatePro5.msi
.msi
keygen.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 17KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup.exe
.exe windows:5 windows x86 arch:x86

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

EndUpdateResourceA
MultiByteToWideChar
IsValidCodePage
GetDiskFreeSpaceExA
Sleep
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
SetEvent
FormatMessageA
LocalFree
CreateProcessA
GetModuleFileNameA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
GetVersionExA
CompareStringA
GetSystemInfo
GetCurrentProcess
GetFileAttributesA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
CopyFileA
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
GetWindowsDirectoryA
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
RaiseException
RtlUnwind
CloseHandle
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
WriteFile
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetThreadLocale
UpdateResourceA
BeginUpdateResourceA
LocalAlloc
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateProcessW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion

gdi32

CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject

user32

ScreenToClient
SetClassLongA
LoadCursorA
SetCursor
LoadIconA
LoadImageA
SetFocus
GetFocus
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
SetWindowTextA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
ShowWindow
SetForegroundWindow
MoveWindow
CreateDialogParamA
CreateDialogIndirectParamA
SendMessageA
GetClientRect
ShowScrollBar
SendDlgItemMessageA
SystemParametersInfoA
GetWindowRect
CharNextA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
DrawTextW
ReleaseDC
GetDialogBaseUnits
LoadStringA
GetDC
MessageBoxW

ole32

CoUninitialize
CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteExA

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 17KB - Virtual size: 72KB

.rsrc Size: 6KB - Virtual size: 8KB

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

ole32

shell32

Sections

.text Size: 283KB - Virtual size: 282KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 143KB - Virtual size: 143KB

.text
Size: 17KB - Virtual size: 72KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 143KB - Virtual size: 143KB