05a9f8f9552a5e47831159512704da67_JaffaCakes118

General

Target

05a9f8f9552a5e47831159512704da67_JaffaCakes118
Size

21KB
MD5

05a9f8f9552a5e47831159512704da67
SHA1

045ab4ad16a605b7310f8e8763e3e5c71e10c0e9
SHA256

a41a5e82582f2f0f7688d9782e4b1f1a9769135851b930d25ff7bb13f8aa00a8
SHA512

d696a2baf76f794c726d9ced8b03b6854f0493abbc7a08f906725e643f064dfaa4a751f403d66f1ea8bf2b30584ad0e401f08bd4aa09acc129e72800f45c2fad
SSDEEP

384:7/R3ohriAB4JLFvRvsLDnEtm/Bp4/+JeG2wytkZkeoaftEFYJKWqJV3rzDPUj:7/R3oJiA+LFvRvEzCmZp4/IH3ytG2att

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RudeCDTray.exe

Files

05a9f8f9552a5e47831159512704da67_JaffaCakes118
.rar
RudeCDTray.exe
.exe windows:4 windows x86 arch:x86

0c0c05aa3b84cf372b7de950ee2cee92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
lstrcpynA
FindResourceA
LoadResource
GetVersion
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
CompareStringA
GetLastError
LoadLibraryA
GetProcAddress
VirtualAlloc
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetStringTypeW
GetStringTypeA
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
ExitProcess
SetHandleCount
GetEnvironmentStrings
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP

user32

LoadImageA
DispatchMessageA
TranslateMessage
DestroyIcon
SetTimer
DefWindowProcA
MessageBoxA
PostQuitMessage
KillTimer
LoadStringA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA

gdi32

GetStockObject

shell32

Shell_NotifyIconA

winmm

mciSendStringA
sndPlaySoundA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Текстовый документ 2.txt
читать.txt

Sharing

General

Malware Config

Signatures

Files

0c0c05aa3b84cf372b7de950ee2cee92

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

winmm

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 11KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 22KB - Virtual size: 22KB