fb1885680c068142c92817c9fbf93bd9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb1885680c068142c92817c9fbf93bd9_JaffaCakes118
Size

2.9MB
MD5

fb1885680c068142c92817c9fbf93bd9
SHA1

40e62a4ef3d69570198b426c97a6e2310805829c
SHA256

d06e2b1f45f415c50cc992a067c071157a35de98977b10ba896cefb7324196eb
SHA512

7f0de00118dcbfaf5ad689ac6c93925c65f2973ee3c3ed3f0e2301e654aeb7d35748a3cbf715e61b1375733e340247b51f4b9314567e39e4e2598008fba9b060
SSDEEP

49152:gkT4Z+8eDqjk7+JG9payyhaPEKYMllnH6EHd3IvT6eREQnIDOa5FIKb07kXSE:gDZRemI7+JGXayypWnahvYQnIDOCFJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA-OFS-1170.exe

Files

fb1885680c068142c92817c9fbf93bd9_JaffaCakes118
.rar
HA-OFS-1170.exe
.exe windows:4 windows x86 arch:x86

5f112d8d2142e21eb504f432a5aa2e7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetModuleFileNameA
GetDateFormatA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCommandLineA
GetVersionExA
CreateMutexA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcmpA
GetSystemTime
LocalFree
LocalAlloc
GetVersion
GetSystemInfo
GetComputerNameA
SetEndOfFile
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
lstrcpynA
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
RtlUnwind
TerminateProcess
HeapAlloc
HeapFree
GetExitCodeProcess
SetFileTime
GlobalMemoryStatus
GetShortPathNameA
SetErrorMode
WritePrivateProfileStringA
WritePrivateProfileSectionA
MoveFileExA
GetCurrentProcess
ExitProcess
WideCharToMultiByte
CreateProcessA
RemoveDirectoryA
GetFileTime
VerLanguageNameA
CompareFileTime
CopyFileA
GetFileSize
GetLogicalDriveStringsA
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
SetFileAttributesA
LCMapStringW
GetTempPathA
GetFileAttributesA
CreateDirectoryA
GetLocaleInfoA
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
GetDriveTypeA
lstrcatA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetTickCount
Sleep
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetThreadPriority
SetThreadPriority
GlobalReAlloc
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
MulDiv
lstrlenA
GetLastError
FormatMessageA
WriteFile
ReadFile
lstrcpyA
SetFilePointer
CreateFileA
CloseHandle
GetACP
DeleteFileA

user32

FindWindowA
IsIconic
PostMessageA
RegisterClassA
SetRectEmpty
ExitWindowsEx
MsgWaitForMultipleObjects
GetMessageA
TranslateMessage
DispatchMessageA
FillRect
PostQuitMessage
EnableWindow
SetWindowPos
SetTimer
GetDlgItemTextA
CreateDialogParamA
GetWindowLongA
IsWindowEnabled
GetSystemMetrics
RegisterClassExA
GetClientRect
IsWindowVisible
PtInRect
SetCursor
EndDialog
GetActiveWindow
WaitMessage
IsDialogMessageA
MessageBoxA
CopyRect
KillTimer
DrawEdge
GetDlgItem
SendDlgItemMessageA
SetDlgItemTextA
PeekMessageA
SetWindowTextA
ReleaseDC
EnumDisplaySettingsA
LoadBitmapA
GetDC
DestroyWindow
DefWindowProcA
GetWindowRect
InvalidateRect
LoadIconA
LoadImageA
GetSysColor
GetDesktopWindow
SystemParametersInfoA
SetForegroundWindow
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowLongA
SetFocus
GetSystemMenu
DeleteMenu
AppendMenuA
ShowWindow
LoadCursorA
GetCursorPos
ScreenToClient
SendMessageA

gdi32

SaveDC
SetMapMode
SetViewportOrgEx
RestoreDC
StartDocA
StartPage
EndPage
TextOutA
SetBkMode
SelectObject
CreateFontA
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
CreateSolidBrush
GetStockObject
SetBkColor
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
GetTextExtentPoint32A
CreateBitmap
CreateDIBitmap
CreatePalette
AddFontResourceA
CreateScalableFontResourceA
EndDoc
RemoveFontResourceA

comdlg32

GetOpenFileNameA
PrintDlgA

advapi32

RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
GetUserNameA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA

shell32

SHFileOperationA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHChangeNotify

ole32

CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi

winmm

waveOutGetNumDevs
midiOutGetNumDevs
joyGetPos

comctl32

ord17
ImageList_Create
ImageList_Add

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
安装说明.txt
非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

5f112d8d2142e21eb504f432a5aa2e7a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

version

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 338KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 338KB

.rsrc
Size: 4KB - Virtual size: 3KB