fd7981eb5857f1c3c4eb43e15d8afaf6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd7981eb5857f1c3c4eb43e15d8afaf6_JaffaCakes118
Size

2.0MB
MD5

fd7981eb5857f1c3c4eb43e15d8afaf6
SHA1

4bfe52c3a1b2d7816ec6d3e31d8d41e4428f8509
SHA256

8e96865e5cf7f211e04a226ad633baa66d10d7f74d945869193821b0dba77508
SHA512

c6c8753acad8886163186136e79d26f478ef1008bc9525b32931d7f8537b55e9cb5086d6a7465462c1e3126e8cc91d2f4c28c5c0ec177cc05bc3d91c023a7ce2
SSDEEP

49152:ZBV07YOJzTVHgV2WGr6etWetMSKAe4HNh2p4LSTPOJOrU:ZB2zTVHgVy6etHA4the4LSTPbg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SC2-WingsOfLiberty-zhCN-Installer-downloader.exe

Files

fd7981eb5857f1c3c4eb43e15d8afaf6_JaffaCakes118
.rar
SC2-WingsOfLiberty-zhCN-Installer-downloader.exe
.exe windows:4 windows x86 arch:x86

e02f6df9332fe99ce17da2b92e902068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\buildserver\1\work-tools-sc2-gm\core-repository\branches\tools-sc2-gm\downloader\release\Blizzard Downloader.pdb

Imports

wininet

InternetReadFileExA
HttpQueryInfoA
InternetSetOptionA
InternetConnectA
InternetSetStatusCallbackA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetSetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetSetStatusCallbackW
InternetSetOptionW
HttpQueryInfoW
InternetReadFileExW
InternetCloseHandle
InternetGetConnectedState

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

InitCommonControlsEx

kernel32

GetModuleHandleW
GetCurrentThreadId
DeleteFileW
GetUserDefaultLangID
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetSystemInfo
GetCurrentProcessId
GetCommandLineW
LocalFree
OpenMutexW
CreateMutexW
CreateFileW
GetLastError
CreateEventW
WaitForSingleObject
SetEvent
WriteFile
CloseHandle
GetModuleFileNameW
GetComputerNameA
GetExitCodeProcess
CreateProcessA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
HeapSize
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
SetConsoleCtrlHandler
ExitThread
GetFullPathNameW
HeapReAlloc
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
RtlUnwind
RaiseException
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
VirtualFree
VirtualAlloc
LocalAlloc
MulDiv
GlobalAlloc
GlobalFree
SetLastError
GetVersionExA
SetFileTime
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
SetFilePointer
GetShortPathNameW
GetDiskFreeSpaceExW
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
ReadFile
TlsSetValue
DuplicateHandle
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
GlobalMemoryStatus
Sleep
SetThreadPriority
GetThreadPriority
TlsGetValue
TlsFree
SignalObjectAndWait
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsAlloc
QueryPerformanceFrequency
GetModuleFileNameA
GetCurrentDirectoryW
GetComputerNameW
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetFileAttributesA
GetDiskFreeSpaceW
InterlockedDecrement
InterlockedIncrement
GetFileAttributesExW
GetFileSize
SetCurrentDirectoryW
GetFileAttributesW
CreateDirectoryW
MoveFileW
GetTempFileNameW
GetSystemTimeAsFileTime
SetThreadAffinityMask

user32

EndDialog
InvalidateRect
SetDlgItemTextW
SetWindowLongW
GetDlgItem
SetWindowTextW
ReleaseDC
GetWindowRect
GetDC
GetWindowTextLengthW
IsWindowVisible
SetTimer
ModifyMenuW
GetMenu
MoveWindow
ScreenToClient
SetFocus
LoadImageW
LoadIconW
SendMessageW
BringWindowToTop
KillTimer
GetWindowTextW
ShowWindow
GetDesktopWindow
DialogBoxParamW
MessageBoxW
FindWindowW
IsWindow
FillRect
TrackPopupMenu
PostMessageW
SetForegroundWindow
DefWindowProcW
GetWindowDC
OffsetRect
ClientToScreen
SetRect
DrawTextW
InflateRect
LoadMenuW
LoadAcceleratorsW
SetWindowsHookExW
GetMenuItemCount
GetSubMenu
IsIconic
DrawIcon
DestroyMenu
UnhookWindowsHookEx
TranslateAcceleratorW
CallNextHookEx
GetDlgCtrlID
GetClientRect
GetSystemMetrics
SetWindowPos
GetScrollInfo
CheckDlgButton
IsDlgButtonChecked
DestroyWindow
MsgWaitForMultipleObjects
CopyImage
CallWindowProcW
GetWindowLongW
TrackMouseEvent
SetWindowRgn
IsWindowEnabled
DrawIconEx
CreateWindowExW
PtInRect
IsZoomed
CreateDialogParamW
SetMenuDefaultItem
EnableMenuItem
RemoveMenu
GetSystemMenu
DestroyIcon
EndPaint
BeginPaint
DrawFocusRect
GetParent
GetFocus
SetCapture
ReleaseCapture
GetClassNameW
IsMenu
GetMenuItemID
GetMenuStringW
GetMenuItemInfoW
RemovePropW
GetPropW
SetCursor
LoadCursorW
GetCapture
SetPropW
EnumChildWindows
SystemParametersInfoW
GetWindowPlacement
SetWindowPlacement
EnableWindow
EnumWindows

gdi32

CreateFontIndirectW
GetDeviceCaps
RestoreDC
SaveDC
GetTextColor
SelectClipRgn
CreateRectRgnIndirect
GetObjectW
SetPixel
DeleteDC
CreatePolygonRgn
SelectObject
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
SetBkMode
GetStockObject
LineTo
MoveToEx
DeleteObject
CreateEllipticRgn
CreatePen
Rectangle
ExcludeClipRect
CreateSolidBrush
CreateRectRgn
GetPixel
BitBlt
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleSetContainedObject
OleInitialize
CoInitialize
CoUninitialize
OleCreate
CoCreateInstance
CreateStreamOnHGlobal

msimg32

TransparentBlt

iphlpapi

GetTcpTable
GetAdaptersInfo

rpcrt4

UuidCreate

ws2_32

connect
sendto
inet_addr
ntohl
getpeername
getsockname
ntohs
inet_ntoa
send
WSACleanup
accept
ioctlsocket
select
WSAGetLastError
WSASetLastError
WSAStartup
setsockopt
getsockopt
socket
closesocket
__WSAFDIsSet
listen
bind
recv
gethostname
gethostbyname
htonl
htons

advapi32

RegDeleteKeyA
RegCloseKey
RegEnumKeyExW
GetUserNameW
MapGenericMask
AccessCheck
OpenThreadToken
OpenProcessToken
DuplicateToken
GetFileSecurityW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExA
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

SysStringLen
SysFreeString
VariantInit
SysAllocString
VariantClear
OleLoadPicture

Sections

.text
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

e02f6df9332fe99ce17da2b92e902068

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

comctl32

kernel32

user32

gdi32

comdlg32

shell32

ole32

msimg32

iphlpapi

rpcrt4

ws2_32

advapi32

oleaut32

Sections

.text Size: 800KB - Virtual size: 799KB

.rdata Size: 284KB - Virtual size: 280KB

.data Size: 28KB - Virtual size: 80KB

.rsrc Size: 132KB - Virtual size: 131KB

.text
Size: 800KB - Virtual size: 799KB

.rdata
Size: 284KB - Virtual size: 280KB

.data
Size: 28KB - Virtual size: 80KB

.rsrc
Size: 132KB - Virtual size: 131KB