2e26eee93aad168dd6d3e9cadaf94f0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e26eee93aad168dd6d3e9cadaf94f0f_JaffaCakes118
Size

47KB
MD5

2e26eee93aad168dd6d3e9cadaf94f0f
SHA1

821f05469d215ab1df2fedba31dd2fda5ccbea69
SHA256

65549fd15d5d0fbadf91502509af3f35336362013c6e7d9f1ac6686502a4bbfc
SHA512

502ac1384c1bb72da331d7ead238a2ad4704c44adbf5d10e6689b798363cab5932d6311f475225fd4521c78902302f30093332b1e2bb7dcff6e6c9b7e936af63
SSDEEP

768:gvuqTPbR2Q4po90QLuyxg310QZm87ZPEtgv/tKdI0KRAo+x1wtfUzELUA6:ofRYo9Lg31PxtIUaXHKoA6

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CIH_14.EXE
unpack003/CIH_12.EXE
unpack004/CIH_13.EXE

Files

2e26eee93aad168dd6d3e9cadaf94f0f_JaffaCakes118
.zip
chi_14.zip
.zip
CIH_14.EXE
.exe windows:1 windows x86 arch:x86

8462b60f6dff3170e8e893be76732af3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleA

shell32

ShellExecuteA

Sections

��P t
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cih_14.asm
cid_12.zip
.zip
CIH_12.EXE
.exe windows:3 windows x86 arch:x86

4030ac47b2bec11178018951f95ad48c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wsock32

gethostbyname
WSAStartup
ioctlsocket

crtdll

_fmode_dll
_global_unwind2
exit
toupper
sprintf
free
malloc
_pctype_dll
_isctype
__mb_cur_max_dll
sscanf
fprintf
_iob
time
_exit
_XcptFilter
_initterm
__GetMainArgs
_commode_dll
_local_unwind2

kernel32

GetProcessHeap
HeapAlloc
GetLastError
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
HeapFree

user32

CharToOemA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cih_12.asm
cih_13.zip
.zip
CIH_13.EXE
.exe windows:4 windows x86 arch:x86

eb688a49d1deb85b4914e6efa38e6873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
KillTimer
SetForegroundWindow
GetCursorPos
TrackPopupMenu
SetTimer
GetDoubleClickTime
SetMenuItemInfoA
LoadStringA
DestroyMenu
CreatePopupMenu
GetWindow
IsDlgButtonChecked
wsprintfA
AppendMenuA
GetMenuItemInfoA
PostMessageA
SetMenuDefaultItem
CheckMenuRadioItem
PostQuitMessage
ShowWindow
WinHelpA
DestroyWindow
FindWindowA
LoadCursorA
RegisterClassA
RegisterWindowMessageA
CheckDlgButton
GetDlgItem
LoadImageA
DestroyIcon
DefWindowProcA
IsDialogMessageA
CreateDialogParamA
DispatchMessageA
TranslateMessage
SendMessageA

kernel32

lstrcpyA
GlobalHandle
GetProcAddress
DeviceIoControl
lstrcatA
LocalAlloc
GlobalAlloc
GlobalLock
lstrcmpA
GlobalUnlock
GlobalFree
OpenFile
WinExec
CreateFileA
GetStartupInfoA
lstrcmpiA
LoadLibraryA
FreeLibrary
lstrlenA
FormatMessageA
lstrcpynA
LocalFree
CloseHandle
GetCommandLineA
ExitProcess
GetModuleHandleA

shell32

Shell_NotifyIconA
ShellExecuteA

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA

winmm

mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerGetDevCapsA
mixerGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutMessage
mixerGetID
mixerClose
mixerOpen
mixerMessage

batmeter

CreateBatMeter
BatMeterCapabilities
UpdateBatMeter
BatMeterDeviceChanged

powrprof

WriteGlobalPwrPolicy
ReadGlobalPwrPolicy
EnumPwrSchemes
GetActivePwrScheme
SetActivePwrScheme

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cih_13.asm

Sharing

General

Malware Config

Signatures

Files

8462b60f6dff3170e8e893be76732af3

Headers

File Characteristics

Imports

kernel32

shell32

Sections

��P t Size: 512B - Virtual size: 512B

.idata Size: 512B - Virtual size: 512B

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 52B

4030ac47b2bec11178018951f95ad48c

Headers

File Characteristics

Imports

wsock32

crtdll

kernel32

user32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

eb688a49d1deb85b4914e6efa38e6873

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

winmm

batmeter

powrprof

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 524B

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

��P t
Size: 512B - Virtual size: 512B

.idata
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 52B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 524B

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB