fe34b4c0e2f73123c32e4c7374cf93a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe34b4c0e2f73123c32e4c7374cf93a7_JaffaCakes118
Size

555KB
MD5

fe34b4c0e2f73123c32e4c7374cf93a7
SHA1

a286b6397854cde826d5e72c4fe364fb69e05b62
SHA256

fb1df2e1c4c3697bdb838463b3a04710aca36f5fab9171911d11a95079ca13b7
SHA512

ffeb39c9ab8f73ef417bef8904271e4718c00f0557d8881ea62d1707e153a304475e8a438b2de2a652a1e175831686efa267211a8be4886b4f6c2d9ce17e7608
SSDEEP

12288:ZpY0wCMSQi0Ez2QSiQOOlXGMyDfTHmtlBKs1T+OK4:Zi0w3SQLAHSiQHy6tlB/X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jsmac.exe

Files

fe34b4c0e2f73123c32e4c7374cf93a7_JaffaCakes118
.rar
jsmac.exe
.exe windows:4 windows x86 arch:x86

6a4543c6d12753335c8cd2fa23a1a208

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW

kernel32

DeleteFileW
GetModuleFileNameA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
SetLastError
GetCurrentThread
FreeLibrary
GetModuleFileNameW
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualProtect
GetCurrentProcess
CreateFileW
WriteFile
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrlenA
FormatMessageW
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetACP
GetTickCount
Sleep
CreateDirectoryW
GetFileAttributesW
SetEndOfFile
WaitForSingleObject
GetModuleHandleW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
OutputDebugStringW
CreateProcessW
GetTempFileNameW
GetTempPathW
CloseHandle
OpenMutexW
GetLastError
CreateMutexW
VirtualQuery
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
GetThreadLocale
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize

user32

UnregisterClassA
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
DefWindowProcW
PostQuitMessage
SetForegroundWindow
SetWindowPos
IsZoomed
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
IsWindowVisible
GetForegroundWindow
IsWindow
MessageBoxW

gdi32

GetStockObject

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

Sections

.text
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gms
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html
使用帮助(河东软件站).url
.url
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

6a4543c6d12753335c8cd2fa23a1a208

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 219KB - Virtual size: 220KB

.rdata Size: 60KB - Virtual size: 64KB

.data Size: 8KB - Virtual size: 20KB

.gms Size: 512B - Virtual size: 4KB

.rsrc Size: 170KB - Virtual size: 172KB

.text
Size: 219KB - Virtual size: 220KB

.rdata
Size: 60KB - Virtual size: 64KB

.data
Size: 8KB - Virtual size: 20KB

.gms
Size: 512B - Virtual size: 4KB

.rsrc
Size: 170KB - Virtual size: 172KB