fd9d76f1c8634d163dc96b3e5cdcd88a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd9d76f1c8634d163dc96b3e5cdcd88a_JaffaCakes118
Size

166KB
MD5

fd9d76f1c8634d163dc96b3e5cdcd88a
SHA1

db83cc50a617058eafd10559c7db2f7815cbd2de
SHA256

09375101ab93f54b1cfdae6cbce2c6cf6210757dea63a996f693ea4d72259a50
SHA512

6540ac90ea1994e0bdb861574091f3221f775c51eee84ee4bc01a7ee22f43926408c19e67ac9d7ae95187397d8b69d87c50b7a208feffbed8d29f5ba1fbfc490
SSDEEP

3072:Qd5Y7mubij/E1x6JqOabDhcBx88hO//KZPLSfdj0YdQvfx0uxRcF0:U5YfG/Ev6UOa2o/KlLEjYyuxq6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_Filemon7.02_yfy/Filemon.exe

Files

fd9d76f1c8634d163dc96b3e5cdcd88a_JaffaCakes118
.rar
HA_Filemon7.02_yfy/FILEMON.HLP
HA_Filemon7.02_yfy/Filemon.exe
.exe windows:4 windows x86 arch:x86

4175e535a41900f94dcefa636eb6e691

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
CreateToolbarEx

kernel32

GetCurrentProcessId
GetCurrentDirectoryA
DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
QueryPerformanceFrequency
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
OutputDebugStringA
GetVersion
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcatA
HeapFree
lstrlenA
lstrcpyA
HeapAlloc
GetProcessHeap
ReadProcessMemory
OpenProcess
Sleep
GetVersionExA
GetUserDefaultLangID
SetEndOfFile
ReadFile
GetStringTypeW
GetStringTypeA
CreateEventA
LCMapStringA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
SetFilePointer
FlushFileBuffers
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
TlsAlloc
GetCurrentThreadId
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
InitializeCriticalSection
WriteFile
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetStartupInfoA
RtlUnwind
ExitThread
TlsSetValue
CreateThread
ResumeThread
GetLogicalDrives
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetTimeFormatA
SetEvent
LoadLibraryA
FreeLibrary
WaitForSingleObject
WaitForMultipleObjects
DeviceIoControl
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
CloseHandle
LCMapStringW

user32

SetWindowLongA
SetCursor
InvalidateRect
ChildWindowFromPoint
GetSysColor
GetSysColorBrush
LoadCursorA
DrawIconEx
GetClientRect
SetWindowTextA
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetFocus
GetSystemMetrics
SetTimer
IsZoomed
IsIconic
CallWindowProcA
GetDlgItem
MoveWindow
GetWindowRect
GetParent
ScreenToClient
GetDlgItemTextA
IsWindowEnabled
SetDlgItemTextA
CheckDlgButton
EnableWindow
IsDlgButtonChecked
CheckRadioButton
RegisterWindowMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
RegisterClassA
DialogBoxParamA
GetMenu
EnableMenuItem
CreateMenu
InsertMenuA
SetFocus
BeginPaint
EndPaint
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
LoadStringA
WinHelpA
GetDC
ReleaseDC
InvalidateRgn
SetWindowPos
ReleaseCapture
PostMessageA
DefWindowProcA
DestroyWindow
CheckMenuItem
SendMessageA
MessageBoxA
PostQuitMessage
EndDialog
ClientToScreen

gdi32

GetTextExtentPoint32A
SetBkColor
CreateSolidBrush
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
GetStockObject
GetTextMetricsA
DeleteObject
ExtTextOutA
CreateCompatibleDC

comdlg32

GetOpenFileNameA
FindTextA
ChooseColorA
ChooseFontA
GetSaveFileNameA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
GetTokenInformation
LookupAccountSidA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
AdjustTokenPrivileges

shell32

ShellExecuteExA
ShellExecuteA
SHGetFileInfoA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HA_Filemon7.02_yfy/README.TXT
HA_Filemon7.02_yfy/下载说明.htm
.html .js polyglot
HA_Filemon7.02_yfy/汉化说明.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

4175e535a41900f94dcefa636eb6e691

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

version

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 108KB

.rsrc Size: 344KB - Virtual size: 340KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 108KB

.rsrc
Size: 344KB - Virtual size: 340KB