2700bf458207e54f638f3fe71b227010_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2700bf458207e54f638f3fe71b227010_JaffaCakes118
Size

240KB
MD5

2700bf458207e54f638f3fe71b227010
SHA1

54376a893549b302fbc25d658dcc10a24aa1f675
SHA256

3c363e7bedebba63912095c674532a8aebea4bdabc2a3b5a80d3ef56d47c5aac
SHA512

90973db128d6cd5e63d182696d2c088e1a3ec61854bb0e4ba31c5cc2f31b2da9530e5c5743abcb04b72824fc84a019eda2ac78fbd8260cdd84e862bfa858f048
SSDEEP

3072:r/f/A0O1FklZp/7+vVtoGNBKBC5CH+xF7vCww95YeoLoSqtIzp:bmkTJjG2BC564ubYe5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2700bf458207e54f638f3fe71b227010_JaffaCakes118

Files

2700bf458207e54f638f3fe71b227010_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75cf614ae49fcc4229db2fc5934c58bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\code\杨根辉备份\龙客户端安装统计\code\code\uninst\Release\UninstLog.pdb

Imports

kernel32

WideCharToMultiByte
InterlockedDecrement
GetVersionExA
GetModuleFileNameA
GetPrivateProfileStringA
Sleep
lstrlenA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoInitializeEx
CoCreateGuid
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

wininet

InternetGetCookieA

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

75cf614ae49fcc4229db2fc5934c58bf

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

�� Size: 92KB - Virtual size: 92KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B

��
Size: 92KB - Virtual size: 92KB