185e4dcebda502fa30bcc436a78bc90b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

185e4dcebda502fa30bcc436a78bc90b_JaffaCakes118
Size

2.7MB
MD5

185e4dcebda502fa30bcc436a78bc90b
SHA1

6b2b4038204168167bf8af19771ffa3022ecc8fd
SHA256

7c5193abd5747f9c44971e4b085901465862b3a548c37f7b0a1c5d633aad9fef
SHA512

d0371dd5e5c5cf4a61fbcaa350b06efd1bc2338d2912c67a2fa8fc4b28396cba97dae73bb55da0d2b1df6ce1cef23c64cb5d41df51fabddd916bd442e8737b1a
SSDEEP

49152:xwNzjWzYFDImd+Kb267EVw/Y3F/JBD7qzR/uViirIQ/:2NqzYJBdF7xsFxN7qzR2ViuIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ksreglib.vmp.dll
unpack001/卧龙吟.exe

Files

185e4dcebda502fa30bcc436a78bc90b_JaffaCakes118
.zip
ksreglib.vmp.dll
.dll windows:5 windows x86 arch:x86

3c57ece528ebff52006fbe42dfd1faec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
MapViewOfFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegCloseKey

oleaut32

VariantInit

ole32

CoCreateInstance

ntdll

ZwShutdownSystem

shell32

ShellExecuteA

Exports

Exports

IPC_AnswerServerStart
IPC_PubSet
IPC_Question
IPC_close
ks_CheckKeyE
ks_GetData
ks_GetMsg
ks_advapi
ks_apidatafree
ks_destr
ks_edit
ks_editK
ks_exit
ks_prepaid
ks_reguser
ks_setExtVal
ks_setKVal
ks_setSoftVal
ks_setUVal
ks_setUpVal
ks_unbind
ks_viewinfo

Sections

CODE
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载软件_免费下载单机游戏_手机游戏下载大全_psp游戏_下载快播_九号塔下载.url
.url
卧龙吟.exe
.exe windows:4 windows x86 arch:x86

7e85d81b446632083778769f89567f47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\卧龙吟\卧龙吟22.5\Release\xq_web.pdb

Imports

kernel32

HeapFree
HeapAlloc
RaiseException
ExitThread
CreateThread
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentDirectoryA
TerminateProcess
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
ExitProcess
RtlUnwind
GetStartupInfoW
SetErrorMode
GetCurrentDirectoryW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetShortPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
GetStringTypeExW
MoveFileW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
GetFileSize
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
lstrcmpA
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CreateEventW
SetEvent
SetThreadPriority
InterlockedDecrement
GetLastError
SetLastError
MulDiv
FormatMessageW
LocalFree
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
GetVersion
lstrcatW
lstrcpyW
lstrcpynW
GlobalGetAtomNameW
GlobalAddAtomW
GetTickCount
lstrlenA
MultiByteToWideChar
GetPrivateProfileStructW
WritePrivateProfileStructW
GetPrivateProfileIntW
SetProcessWorkingSetSize
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetCurrentProcessId
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryW
GetProcAddress
FindFirstFileW
GetFileAttributesW
DeleteFileW
FindClose
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
FreeLibrary
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
CreateFileW
WriteFile
GlobalUnlock
GlobalFree
CloseHandle
WaitForSingleObject
SuspendThread
VirtualAlloc
ResumeThread

user32

IsDialogMessageW
SetDlgItemTextW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
RegisterClassW
UnregisterClassW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
PtInRect
DefWindowProcW
WindowFromPoint
IsChild
KillTimer
ScreenToClient
ClientToScreen
SetRect
DeferWindowPos
RegisterWindowMessageW
LoadMenuW
DestroyMenu
GetSysColor
SetWindowPos
WinHelpW
CharNextW
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowTextW
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
GetClassInfoW
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
LoadAcceleratorsW
GetParent
SetActiveWindow
IsWindowVisible
IsIconic
InsertMenuItemW
GetMenuItemID
GetMenuItemCount
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
PostQuitMessage
IsRectEmpty
ReleaseDC
MoveWindow
DestroyIcon
LockWindowUpdate
GetDCEx
GetSysColorBrush
CharUpperW
EndPaint
BeginPaint
IsWindow
GetDesktopWindow
IsWindowEnabled
TranslateAcceleratorW
GetClientRect
MapVirtualKeyW
FindWindowW
EnableWindow
InvalidateRect
GetMenu
GetSubMenu
GetWindowLongW
SetWindowLongW
UpdateWindow
GetSystemMetrics
wsprintfW
LoadIconW
GetClassNameW
LoadBitmapW
GetMenuCheckMarkDimensions
CheckMenuItem
SetParent
GetWindowRect
GetWindow
GetCursorPos
SetForegroundWindow
SetTimer
GetSystemMenu
PostMessageW
SendMessageW
AppendMenuW
DeleteMenu
CreatePopupMenu
GetDC
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
GetKeyState
CopyAcceleratorTableW
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
SetCapture
SetWindowRgn
DrawIcon
FillRect
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
UnionRect
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
GetMessageW
TranslateMessage
ValidateRect
GetMenuStringW
InsertMenuW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsZoomed
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
SetFocus
EnableMenuItem

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
ExtTextOutW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetBkColor
GetPixel
DeleteObject
GetObjectW
GetStockObject
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
CreateDCW
DeleteDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC

comdlg32

PrintDlgW
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyW
GetFileSecurityW
AdjustTokenPrivileges
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW
DragFinish
ExtractIconW
SHGetFileInfoW
DragQueryFileW

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantChangeType
VariantInit
SysFreeString
SysStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
VariantClear

psapi

EmptyWorkingSet

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
更新日志.CHM
.chm
说明.txt

Sharing

General

Malware Config

Signatures

Files

3c57ece528ebff52006fbe42dfd1faec

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ole32

ntdll

shell32

Exports

Exports

Sections

CODE Size: - Virtual size: 151KB

DATA Size: - Virtual size: 4KB

BSS Size: - Virtual size: 13KB

.idata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 524B

.sedata0 Size: - Virtual size: 2.1MB

.sedata1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 232B

.rsrc Size: 2KB - Virtual size: 7KB

7e85d81b446632083778769f89567f47

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

oleacc

Sections

.text Size: 384KB - Virtual size: 382KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 20KB - Virtual size: 39KB

.rsrc Size: 180KB - Virtual size: 176KB

CODE
Size: - Virtual size: 151KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 13KB

.idata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 524B

.sedata0
Size: - Virtual size: 2.1MB

.sedata1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 232B

.rsrc
Size: 2KB - Virtual size: 7KB

.text
Size: 384KB - Virtual size: 382KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 20KB - Virtual size: 39KB

.rsrc
Size: 180KB - Virtual size: 176KB