060de3d4698dc9d41d018b09c0528878_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

060de3d4698dc9d41d018b09c0528878_JaffaCakes118
Size

2.5MB
MD5

060de3d4698dc9d41d018b09c0528878
SHA1

d49c770122ca55cb9df5715138a667011a2825b5
SHA256

c02e0393bba811204a5fe50a3c93d843b9a215ffb1ac20555b4a9a75e3e2a844
SHA512

45331d7fb2a9f89a76723b575add492587461bd63905c83b95983125dd384e1e7f72d564642965ff0c066b9fa10ec1feef0c4c1811b54a1b0ade53af33ac4e66
SSDEEP

49152:CsudbhCBXj/eKJhOclUa4ijqfX6NrxFYhxf4sZZnMUDWFB8UV8Hhw0RPXu:CPbh+jefa4i1SUsZZn/qFB8hHa0s

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xnduotjpxt.exe
unpack001/赛娜多媒体电子家谱系统2008豪华极速版注册机.exe

Files

060de3d4698dc9d41d018b09c0528878_JaffaCakes118
.rar
xnduotjpxt.exe
.exe windows:4 windows x86 arch:x86

a357172e9fca88eb33e588efc6d4f4b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2086
ord6215
ord2379
ord800
ord6241
ord860
ord941
ord537
ord5953
ord4710
ord3317
ord540
ord535
ord858
ord2575
ord4396
ord3574
ord823
ord6453
ord609
ord3398
ord3733
ord686
ord810
ord384
ord2453
ord4271
ord5710
ord536
ord4284
ord3797
ord1642
ord2862
ord4000
ord5829
ord3726
ord668
ord801
ord2652
ord1669
ord1168
ord6883
ord3181
ord4058
ord2781
ord2770
ord541
ord356
ord5856
ord4277
ord5683
ord922
ord3303
ord3297
ord4204
ord4853
ord4224
ord3619
ord1146
ord3626
ord3663
ord2414
ord4234
ord2078
ord4299
ord6199
ord924
ord283
ord472
ord2859
ord1641
ord5875
ord5787
ord5788
ord755
ord470
ord2642
ord3092
ord3098
ord2135
ord818
ord1783
ord3496
ord3698
ord765
ord1105
ord1949
ord4034
ord4673
ord5861
ord6143
ord1200
ord4202
ord845
ord857
ord1572
ord1158
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1199
ord1247
ord2302
ord825
ord324
ord567
ord641
ord616
ord3582
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4398
ord1776
ord4078
ord6055
ord2578
ord4218
ord2023
ord2411
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord2860
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
_setmbcp
_mkdir
_chdir
_fcloseall
_ltoa
_strupr
__CxxFrameHandler
sprintf
toupper
_i64toa
_mbscmp
fclose
fread
fseek
fopen
atol
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
fputc
fgetc
fputs
_mbsicmp
fwrite
ftell
rewind
fgets
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
GetSystemDirectoryA
_lclose
GlobalUnlock
GlobalLock
GlobalFree
GlobalReAlloc
OpenFile
LocalFree
LocalAlloc
GlobalAlloc
_lread
_llseek
GetLogicalDriveStringsA
GetLocalTime
GetTempPathA
GetModuleFileNameA
DeleteFileA
WinExec
SetCurrentDirectoryA
GetWindowsDirectoryA
SetFileAttributesA
GetDiskFreeSpaceExA
GetDriveTypeA
GetExitCodeProcess
CreateProcessA
WaitForSingleObject

user32

SetTimer
KillTimer
LoadIconA
GetClientRect
DrawIcon
GetSystemMetrics
IsIconic
SendMessageA
EnableWindow
MessageBoxA
SetDlgItemTextA
PostQuitMessage
GetDC

gdi32

Rectangle
CreateFontIndirectA
DeleteObject
PatBlt
SetDIBitsToDevice
SelectPalette
RealizePalette
CreatePalette

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
赛娜多媒体电子家谱系统2008豪华极速版注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

KeyMake
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AntiKill
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a357172e9fca88eb33e588efc6d4f4b8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

KeyMake Size: - Virtual size: 40KB

AntiKill Size: 11KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 7KB

KeyMake
Size: - Virtual size: 40KB

AntiKill
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 8KB