e:\backup\360zip\360Zip-3.2.0.2090-2.0.0.1001-正式版-20160118-3.2.0.2080-temp\src\install\bin\Release\Installer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
- Target: fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118
- Size: 6.8MB
- MD5: fb40cf21e303a47c3aca42dd808d0b51
- SHA1: c5f40b56cca48b01dabd1383125cb2a499f01b60
- SHA256: 390d20cc8af36c1752366bc7dea8df35c7d6eabecd1efd80cf5515b09f77d77a
- SHA512: d6455490bee9562b6d28b3fee20a4c7827e9210495f57ea68dd5688b028444eb6623317a34377e18bc7ce4313161381d88392a24da48b28a2527fe7911594759
- SSDEEP: 196608:FlZtgt73ZRFBSgfv1Ugsrjj6MtqvzhyvEYi0VYy:FHtgt73aglNsrDtqVk5VYy
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118
Files
- fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe windows:5 windows x86 arch:x86
  5f5336244ab9580daf455c7d0dfc2810
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindNextFileW
FindClose
CreateDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileTime
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileInformationByHandle
ReadFile
GetStdHandle
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
GetLastError
CreateMutexW
SetLastError
GetDiskFreeSpaceExW
GetExitCodeThread
RemoveDirectoryW
Sleep
RaiseException
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
WritePrivateProfileStringW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetTickCount
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
FatalAppExitA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
HeapSize
GetCurrentThread
TlsGetValue
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
TlsFree
TlsAlloc
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
TlsSetValue
IsBadWritePtr
IsBadReadPtr
lstrcmpiA
SetEndOfFile
SetFilePointer
GetFileSize
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
WriteFile
LockResource
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SetStdHandle
SizeofResource
lstrcpynW
CreateFileW
LocalAlloc
LocalFree
DeleteFileW
MoveFileExW
lstrlenA
OutputDebugStringW
DebugBreak
SetFileAttributesW
GetFileAttributesW
InterlockedDecrement
lstrlenW
GetTempPathW
GetVersionExW
GetCurrentProcess
lstrcmpA
DeviceIoControl
CreateThread
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
GetSystemInfo
GetProcessTimes
GetSystemTimeAsFileTime
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
VirtualQuery
GetModuleHandleA
ExitProcess
SetProcessWorkingSetSize
WaitForMultipleObjects
TerminateProcess
OpenProcess
CopyFileW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
FreeLibrary
LoadLibraryW
GetStringTypeA
GetProcAddress
user32
AttachThreadInput
FindWindowExW
SubtractRect
MapVirtualKeyW
SetWindowTextW
GetDlgItem
ShowWindow
LoadCursorW
SetTimer
GetWindowRect
KillTimer
InvalidateRect
SetWindowLongW
SetWindowPos
EndPaint
GetWindowTextW
GetClientRect
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetWindowLongW
SendMessageW
BeginPaint
CharNextW
wvsprintfW
GetKeyNameTextW
CharToOemW
CopyRect
GetUpdateRect
SetRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
GetWindowTextLengthW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
CallWindowProcW
SetCursor
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetSysColor
IsWindowEnabled
OffsetRect
FillRect
DrawTextW
ReleaseDC
GetWindowDC
MessageBoxW
PeekMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
FindWindowW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
RedrawWindow
IsIconic
PostQuitMessage
PostMessageW
LoadStringW
PostThreadMessageW
SetDlgItemTextW
GetMessageW
GetDesktopWindow
MapWindowPoints
EnableWindow
UnregisterClassA
IsClipboardFormatAvailable
gdi32
SetTextColor
CreateDIBSection
GetBitmapBits
OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
CreatePolygonRgn
CreateFontIndirectW
GetCurrentObject
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
SetBkMode
GetDeviceCaps
CreateSolidBrush
GetObjectW
advapi32
InitializeSecurityDescriptor
CopySid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegSetKeySecurity
AddAce
InitializeAcl
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
FreeSid
SetSecurityDescriptorDacl
RegQueryValueExW
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
GetLengthSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegGetKeySecurity
shell32
SHAppBarMessage
SHGetSpecialFolderLocation
SHFileOperationW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFreeNameMappings
ord165
ole32
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
oleaut32
SysFreeString
SysAllocString
VariantInit
SysAllocStringByteLen
VariantClear
VariantCopy
VarUI4FromStr
OleLoadPicture
shlwapi
PathMatchSpecW
PathFindExtensionW
PathIsRootW
PathFileExistsW
PathCombineW
SHGetValueW
StrStrIW
PathIsPrefixW
PathRemoveFileSpecW
PathIsURLW
StrToIntExW
SHGetValueA
PathGetDriveNumberW
SHSetValueW
SHDeleteKeyW
PathAppendW
PathIsDirectoryW
comctl32
ImageList_Add
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Create
ImageList_SetImageCount
ImageList_Duplicate
ImageList_Remove
msimg32
AlphaBlend
setupapi
SetupIterateCabinetW
wininet
CreateUrlCacheEntryW
InternetSetOptionW
InternetGetLastResponseInfoW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
InternetQueryOptionW
InternetCrackUrlW
HttpOpenRequestW
InternetOpenW
InternetOpenUrlW
FtpCommandW
InternetWriteFile
HttpEndRequestW
FtpOpenFileW
InternetReadFileExA
InternetReadFile
InternetSetStatusCallbackW
FtpGetFileSize
HttpQueryInfoW
HttpSendRequestExW
InternetConnectW
InternetSetOptionA
InternetCloseHandle
wintrust
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
urlmon
ObtainUserAgentString
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
netapi32
Netbios
psapi
GetProcessMemoryInfo
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
Sections
- .text  Size: 374KB - Virtual size: 373KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 69KB - Virtual size: 68KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 10KB - Virtual size: 37KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 6.3MB - Virtual size: 6.3MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 38KB - Virtual size: 38KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ