54ccdb83dae67aa174a0e3851abab1af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54ccdb83dae67aa174a0e3851abab1af_JaffaCakes118
Size

6KB
MD5

54ccdb83dae67aa174a0e3851abab1af
SHA1

5641a8e6d76eff7b10b5be0e5477c266c45fc732
SHA256

6fbb3aec6b66c2a2918b006ec63162846f5adf6f56110b3bd76d783273944aa3
SHA512

36043e91c83dc3330decc64f0859728f7b882f10ad7b93043f41a80b3f6af702c0010efeb0d9268fb9147eff8bd3a672c4cb28b226184b6b9f4a7fb53709d178
SSDEEP

192:XjlwZPKaWpMUvaF23vB4UIcxCJDjc07H9G+gwNyxjj:X5wSpLa4ZxlCBfjA+DNA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Vista test crack.exe
unpack002/timerstop.sys

Files

54ccdb83dae67aa174a0e3851abab1af_JaffaCakes118
.rar
StopTimer.zip
.zip
Vista test crack.exe
.exe windows:4 windows x86 arch:x86

649bbb5b62b63595d1fd3c7abd3e21fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetFullPathNameW
CopyFileW
DeleteFileW
GetModuleHandleW

user32

EnableWindow
DefWindowProcW
PostQuitMessage
EndDialog
MessageBoxW
wsprintfW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
DialogBoxParamW

advapi32

OpenServiceW
CloseServiceHandle
DeleteService
CreateServiceW
StartServiceW
OpenSCManagerW

shell32

SHGetFolderPathW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
timerstop.sys
.sys windows:6 windows x86 arch:x86

92660b27e4316e77681109444939038f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\timerstop\objfre_wlh_x86\i386\TimerStop.pdb

Imports

ntoskrnl.exe

KeTickCount
DbgPrint
KeInitializeTimer
KeSetTimer
KeCancelTimer

hal

KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 512B - Virtual size: 419B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Upped.for.XshareX.info.txt
Vista.Crack.READ.ME.nfo

Sharing

General

Malware Config

Signatures

Files

649bbb5b62b63595d1fd3c7abd3e21fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 748B

92660b27e4316e77681109444939038f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 512B - Virtual size: 419B

.rdata Size: 512B - Virtual size: 147B

.data Size: 512B - Virtual size: 8B

INIT Size: 512B - Virtual size: 294B

.reloc Size: 512B - Virtual size: 80B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 748B

.text
Size: 512B - Virtual size: 419B

.rdata
Size: 512B - Virtual size: 147B

.data
Size: 512B - Virtual size: 8B

INIT
Size: 512B - Virtual size: 294B

.reloc
Size: 512B - Virtual size: 80B