0ca8a82de242dfe2b30f595d9b945351_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ca8a82de242dfe2b30f595d9b945351_JaffaCakes118
Size

2.1MB
MD5

0ca8a82de242dfe2b30f595d9b945351
SHA1

212121c9aa0ffb160bc17bfdb5e272af00198d84
SHA256

1e2acd518f318e7ede1fbd7d707139d6d4926f4400095130a7f39df60fd5516f
SHA512

5d1085320c76c64ba75dba3f81ce535dfbc8d6af387bbfa2f9bf76ca39e1b84b0b667b5fe01cab76928c8407e5295f09e2b126a431a3f697c7751119ca6d9a18
SSDEEP

49152:IqD/Zh/wjSbz4Yb5xrBRf2EZGjI+K9wL7oA8douW/agmLx3dt:J/w2bdb59f9ZfGHf8munHdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ca8a82de242dfe2b30f595d9b945351_JaffaCakes118

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

0ca8a82de242dfe2b30f595d9b945351_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71c6f2ee2ea9f92524f5ee3ae3cb6004

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\正式制作\0921文件直接统计\jling\release\Setup.pdb

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
Sleep
MultiByteToWideChar
GetLastError
GetProcAddress
Process32FirstW
DeviceIoControl
LocalFileTimeToFileTime
GetModuleHandleA
CreateToolhelp32Snapshot
CreateThread
ExitProcess
MoveFileW
SetEndOfFile
FlushFileBuffers
DeleteFileW
CloseHandle
LockResource
GetLocalTime
GetTempPathW
CreateFileW
SizeofResource
GetSystemDirectoryW
GlobalAlloc
WriteFile
SetFileTime
SystemTimeToFileTime
LoadResource
Process32NextW
FindResourceW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
SetFilePointer
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameA
GetModuleFileNameW
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
RtlUnwind
ReadFile
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
InitializeCriticalSection
DebugBreak
OutputDebugStringA
WriteConsoleW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

LoadIconW
MessageBoxA
SendMessageW
FindWindowW
wsprintfW
FindWindowExW

advapi32

ControlService
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
StartServiceW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW

shlwapi

SHSetValueW

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71c6f2ee2ea9f92524f5ee3ae3cb6004

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 176KB - Virtual size: 172KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 176KB - Virtual size: 172KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB