405fdb49c446ac21bff625e3aab68e6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

405fdb49c446ac21bff625e3aab68e6f_JaffaCakes118
Size

88KB
MD5

405fdb49c446ac21bff625e3aab68e6f
SHA1

0b6b649e8d432906bc16b15e725880ef9d7a2f2d
SHA256

e0c0c2265c948ca0844f7097c6d22fde2d207fca4fbc3844e83802302a618204
SHA512

5cac27c90a9e643baae0d340f9219941c5910cdea690e85437c521d59be80485efc591b4e10455c0f940b1d337bd9260d8c7d014dd9b3a13724189c2ba08d9d3
SSDEEP

1536:nPsLmCbrFRVmp9dNSBlXa8/g4xRJ6ODVopNNhtzvxwqNU4:nSmkVAdNSBQ8/7x36OmNNhJpwqNn

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RCryptor 1.1.exe
unpack001/RCryptor 1.3.exe
unpack001/RCryptor 1.5.exe
unpack001/RCryptor 1.6d.exe
unpack001/RCryptor 1.6с.exe

Files

405fdb49c446ac21bff625e3aab68e6f_JaffaCakes118
.rar
RCryptor 1.1.exe
.exe windows:4 windows x86 arch:x86

6c26effad011db8dfe6cdb6b4424ecb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
CopyFileA
lstrcatA
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetStringTypeA
LCMapStringW
Sleep
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
LoadLibraryA
GetProcAddress
GetTickCount
GetCommandLineA
LCMapStringA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW

user32

LoadBitmapA
IsDlgButtonChecked
LoadIconA
SendMessageA
SendDlgItemMessageA
CheckDlgButton
DialogBoxParamA
SetWindowLongA
SetTimer
GetWindowLongA
GetClientRect
BeginPaint
EndPaint
MessageBoxA
DestroyWindow
MessageBoxIndirectA
KillTimer

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

Sections

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCryptor 1.3.exe
.exe windows:4 windows x86 arch:x86

423af810c3e07ad11c8c609a7708ad4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
Sleep
WriteFile
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
CopyFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetStringTypeA
LCMapStringW
lstrcatA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
LoadLibraryA
GetProcAddress
GetTickCount
lstrcmpiA
GetCommandLineA
LCMapStringA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW

user32

SetTimer
IsDlgButtonChecked
LoadIconA
SendMessageA
SendDlgItemMessageA
CheckDlgButton
DialogBoxParamA
GetWindowLongA
SetWindowLongA
DestroyWindow
LoadBitmapA
GetClientRect
BeginPaint
EndPaint
MessageBoxA
MessageBoxIndirectA
KillTimer

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

Sections

.text
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCryptor 1.5.exe
.exe windows:4 windows x86 arch:x86

cec60520be92bff33df31be780356856

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleFileNameA
CloseHandle
CreateProcessA
WriteFile
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CopyFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetStringTypeA
LCMapStringW
lstrcpyA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
LoadLibraryA
GetProcAddress
GetTickCount
GetCommandLineA
lstrcmpiA
LCMapStringA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStringTypeW

user32

SetTimer
IsDlgButtonChecked
LoadIconA
SendMessageA
SendDlgItemMessageA
CheckDlgButton
DialogBoxParamA
GetWindowLongA
SetWindowLongA
DestroyWindow
LoadBitmapA
GetClientRect
BeginPaint
EndPaint
MessageBoxA
MessageBoxIndirectA
KillTimer

gdi32

SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCryptor 1.6d.exe
.exe windows:4 windows x86 arch:x86

a776ea0e585619fa3433f6562fa2d545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleFileNameA
GetFileAttributesA
lstrlenA
CloseHandle
Sleep
GetExitCodeProcess
CreateProcessA
WriteFile
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CopyFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcpyA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
LoadLibraryA
GetProcAddress
GetTickCount
lstrcmpiA
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetStringTypeW

user32

SetWindowLongA
IsDlgButtonChecked
wsprintfA
LoadIconA
SendMessageA
SendDlgItemMessageA
CheckDlgButton
DialogBoxParamA
GetWindowLongA
DestroyWindow
SetTimer
LoadBitmapA
GetClientRect
BeginPaint
EndPaint
MessageBoxA
MessageBoxIndirectA
KillTimer

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCryptor 1.6с.exe
.exe windows:4 windows x86 arch:x86

a776ea0e585619fa3433f6562fa2d545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleFileNameA
GetFileAttributesA
lstrlenA
CloseHandle
Sleep
GetExitCodeProcess
CreateProcessA
WriteFile
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CopyFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcpyA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
LoadLibraryA
GetProcAddress
GetTickCount
lstrcmpiA
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetStringTypeW

user32

SetWindowLongA
IsDlgButtonChecked
wsprintfA
LoadIconA
SendMessageA
SendDlgItemMessageA
CheckDlgButton
DialogBoxParamA
GetWindowLongA
DestroyWindow
SetTimer
LoadBitmapA
GetClientRect
BeginPaint
EndPaint
MessageBoxA
MessageBoxIndirectA
KillTimer

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c26effad011db8dfe6cdb6b4424ecb4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 13KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 116KB - Virtual size: 116KB

423af810c3e07ad11c8c609a7708ad4d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 14KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 113KB - Virtual size: 113KB

cec60520be92bff33df31be780356856

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 15KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 226KB - Virtual size: 226KB

a776ea0e585619fa3433f6562fa2d545

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 15KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 254KB - Virtual size: 254KB

a776ea0e585619fa3433f6562fa2d545

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 15KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 254KB - Virtual size: 254KB

.text
Size: 13KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 116KB - Virtual size: 116KB

.text
Size: 14KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 113KB - Virtual size: 113KB

.text
Size: 15KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 226KB - Virtual size: 226KB

.text
Size: 15KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 254KB - Virtual size: 254KB

.text
Size: 15KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 254KB - Virtual size: 254KB