2ab0fa09067c4f6312245b8e6dc363b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ab0fa09067c4f6312245b8e6dc363b7_JaffaCakes118
Size

405KB
MD5

2ab0fa09067c4f6312245b8e6dc363b7
SHA1

faa7ed3a9d758d6403e5d99f25e500f6c6f627bc
SHA256

0e91708d8ad8ecd871f5401d1f6de0da0798069054460014153b73de82e52d7c
SHA512

4655f139b5717e1ad493dae6abe93099dc1c4508be1bbebd5ffea425a2f18ce521a789f24c6abdd853aed69b9c41e4d3b660aa02945463ef7c9fcae261879917
SSDEEP

6144:gKrFVg71/NEW+UoyriNXmihogAj/YsOIhlM6np5UVQVHGV16W2Gndp65:0/NEWww424AcsOIh/nDUVQ1s328dp65

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/天天挂机1.1.30.exe

Files

2ab0fa09067c4f6312245b8e6dc363b7_JaffaCakes118
.rar
天天挂机1.1.30.exe
.exe windows:5 windows x86 arch:x86

57efebef2bf285dd3d0a11142b6f2958

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GlobalFree
GlobalHandle
GetTickCount
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
GetCurrentProcessId
LoadLibraryW
GetLocalTime
GetFileSize
GetCommandLineW
InitializeCriticalSection
ResumeThread
WaitForMultipleObjects
GetPrivateProfileSectionW
FindClose
FindNextFileW
FindFirstFileW
SetUnhandledExceptionFilter
SetErrorMode
ReadFile
RemoveDirectoryW
MoveFileW
CreateDirectoryW
IsDBCSLeadByte
VirtualProtect
WriteProcessMemory
CreateFileA
SystemTimeToFileTime
GetSystemTime
CompareFileTime
WinExec
GetProcessTimes
GetExitCodeProcess
LocalFree
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
FreeLibrary
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapCreate
GetStdHandle
GetCPInfo
LCMapStringW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
ExitProcess
GetStartupInfoW
HeapSetInformation
CreateThread
ExitThread
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateMutexW
GetModuleHandleW
GetProcAddress
lstrcmpiW
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
MulDiv
lstrcmpW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrlenW
GetModuleFileNameW
lstrlenA
GetLastError
FreeResource
WaitForSingleObject
SetEvent
CreateProcessW
Sleep
CreateFileW
SetFilePointer
WriteFile
GetTempPathW
GetTempFileNameW
SetLastError
DeleteFileW
CloseHandle
CreateEventW
GetCurrentThreadId
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
SizeofResource
LeaveCriticalSection
EnterCriticalSection
RaiseException
FindResourceExW
FindResourceW
LoadResource
LockResource
GetConsoleCP
SetEndOfFile

user32

MessageBoxW
GetSystemMenu
ShowWindow
EnableWindow
SetActiveWindow
ModifyMenuW
LoadMenuW
AppendMenuW
SetPropW
UnregisterClassA
SendMessageW
GetParent
GetDlgCtrlID
GetDC
GetDesktopWindow
ReleaseDC
IsWindow
GetClientRect
GetKeyState
SetWindowTextW
SetWindowPos
BringWindowToTop
GetWindowRect
ScreenToClient
DialogBoxIndirectParamW
GetActiveWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
RegisterClassW
GetClassInfoW
IsRectEmpty
SystemParametersInfoW
UnhookWindowsHookEx
CheckMenuItem
CallNextHookEx
SetWindowsHookExW
AnimateWindow
EnumChildWindows
FindWindowExW
IntersectRect
UnionRect
SetForegroundWindow
PostQuitMessage
SetWindowLongW
TrackPopupMenu
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
RedrawWindow
KillTimer
IsWindowEnabled
GetWindowLongW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetTimer
DrawTextW
BeginPaint
EndPaint
DefWindowProcW
RegisterClassExW
PtInRect
GetSysColor
CreateDialogIndirectParamW
PeekMessageW
SetCursor
GetCursorPos
OffsetRect
CallWindowProcW
GetMessageW
TranslateMessage
GetWindowTextW
GetWindowTextLengthW
InflateRect
GetWindow
GetDlgItem
MoveWindow
AdjustWindowRectEx
ClientToScreen
SendDlgItemMessageW
GetAncestor
GetSubMenu
MapDialogRect
EndDialog
SetWindowContextHelpId
CharNextW
InvalidateRgn
SetCapture
IsChild
DispatchMessageW
GetPropW
GetPropA
PostMessageW
LoadIconW
RegisterWindowMessageW
CreateAcceleratorTableW
GetFocus
SetFocus
DestroyAcceleratorTable
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW

gdi32

GetTextExtentPointW
GetTextMetricsW
CreateBitmap
CreateSolidBrush
GetDeviceCaps
SetStretchBltMode
StretchBlt
GetStockObject
RoundRect
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
SetTextColor
SetBkColor
ExtTextOutW
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW
CreateFontW
SelectObject
SetBkMode

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
GetUserNameW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW

shell32

SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
SHGetFolderPathW

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
ProgIDFromCLSID
OleRun
CreateBindCtx
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoCreateGuid

oleaut32

VarBstrCmp
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantChangeType
VariantCopy
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
GetErrorInfo

shlwapi

SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW

comctl32

_TrackMouseEvent

wininet

InternetOpenW
InternetSetCookieW
InternetQueryOptionW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetErrorDlg
CommitUrlCacheEntryW
CommitUrlCacheEntryA

dsound

ord1

ws2_32

gethostname
gethostbyname
inet_ntoa

urlmon

UrlMkSetSessionOption
CoInternetGetSession
ObtainUserAgentString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

ImageDirectoryEntryToDataEx
MiniDumpWriteDump

psapi

EnumProcessModules
GetProcessMemoryInfo

winmm

PlaySoundA
waveOutWrite
midiStreamOut
PlaySoundW

wintrust

WinVerifyTrust

crypt32

CertOpenStore

pdh

PdhOpenQueryW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57efebef2bf285dd3d0a11142b6f2958

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

dsound

ws2_32

urlmon

version

dbghelp

psapi

winmm

wintrust

crypt32

pdh

Sections

.text Size: 860KB - Virtual size: 859KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 23KB - Virtual size: 32KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 63KB - Virtual size: 63KB

.text
Size: 860KB - Virtual size: 859KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 23KB - Virtual size: 32KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 63KB - Virtual size: 63KB