3bfe837740f2f517031df653bb4894b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bfe837740f2f517031df653bb4894b4_JaffaCakes118
Size

921KB
MD5

3bfe837740f2f517031df653bb4894b4
SHA1

3b19f716f544860259450cce66df1b77f5f8494f
SHA256

13dd1c8de8f27fde09d9b5bd1bda4da2cb2cff6f1b9f9e70b718f720483d6f39
SHA512

9d33c3153846c405f2d61e66d7237a490f5688968b8f1b9c84d0d38a948403ac60c70e96573a7f154939beb9f9277f9da3006d0012becd7c6cc222e9537f81bb
SSDEEP

12288:zvhxLkj4xJY326ZHbXrkOFLDd/wrsykCkaWlBvil5O3rg5:vIjWY9orsyXk5lBKO3rg5

Score

1^/10

Malware Config

Signatures

Files

3bfe837740f2f517031df653bb4894b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b094e11ea4b62271500eea2bcd09ec25

Code Sign

de:f8:52:a7:c0:b8:be:4e:77:c4:e5:21:5a:e7:e7:a8:2e:52:71:70
Signer

Actual PE Digest

de:f8:52:a7:c0:b8:be:4e:77:c4:e5:21:5a:e7:e7:a8:2e:52:71:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\开发项目\xunlei-doyo\doyo_vs2005_v2.0\release\BugReport.pdb

Imports

wininet

InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
HttpEndRequestA
HttpSendRequestExA
InternetConnectA
HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetCloseHandle

kernel32

lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
SetErrorMode
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
FreeResource
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetLocalTime
GetFileInformationByHandle
WriteFile
GetCurrentDirectoryA
SystemTimeToFileTime
TerminateThread
ResumeThread
SuspendThread
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
CreatePipe
GetStartupInfoA
CreateProcessA
WaitForSingleObject
ReadFile
GetCurrentThreadId
Sleep
SetFilePointer
SetEndOfFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTempPathA
GetSystemDirectoryA
OpenMutexA
CreateMutexA
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLastError
SetLastError
GetModuleHandleA
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
CreateDirectoryA
CreateFileA
GetFileSize
CloseHandle
GetVersionExA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetUnhandledExceptionFilter

user32

GetSysColorBrush
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
DispatchMessageA
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
CreateWindowExA
SetWindowContextHelpId
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
GetWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
UnhookWindowsHookEx
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetSysColor
EndPaint
BeginPaint
GetDC
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
CharUpperA
ReleaseDC
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
wsprintfA
GetSystemMetrics
LoadIconA
DrawIcon
IsWindow
GetFocus
IsWindowVisible
SetWindowPos
FindWindowA
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetKeyState
ReleaseCapture
LoadCursorA
SetCursor
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetCursorPos
EnableWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
DestroyMenu
GetClassInfoExA
WindowFromPoint
GetParent
SetCapture
GetCapture
GetActiveWindow
KillTimer
SetTimer
RedrawWindow
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
SetWindowRgn
IsZoomed
IsIconic
GetSystemMenu
PostMessageA
SendMessageA
SetMenuDefaultItem
EnableMenuItem
OffsetRect
InflateRect
SetRect
PtInRect
LoadBitmapA
EndDialog
CallNextHookEx

gdi32

GetViewportExtEx
GetWindowExtEx
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
MoveToEx
LineTo
GetClipBox
SetMapMode
DeleteObject
CreateRectRgn
CreateSolidBrush
StretchBlt
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectA
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
Rectangle
CreatePen
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel
GetPixel
CombineRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathIsDirectoryA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
PathStripToRootA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoRegisterMessageFilter
CreateILockBytesOnHGlobal

oleaut32

VariantCopy
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
OleCreateFontIndirect
SysAllocString
VariantInit
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

ws2_32

WSAStartup

netapi32

Netbios

snmpapi

SnmpUtilOidNCmp
SnmpUtilVarBindFree
SnmpUtilOidCpy

Exports

Exports

?AfxBits2Bytes@@YAXPAE0I@Z
?AfxDecryptFile2StringForAES@@YAHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV12@0@Z
?AfxDecryptStringForAES@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@0@Z
?AfxEncryptFileForAES@@YAHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00@Z
?AfxEncryptString2FileForAES@@YAHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00@Z
?AfxEncryptStringForAES@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@0@Z
?AfxGetRegeditManager@@YAAAVCRegeditManager@@XZ
?AfxHex2Bits@@YAXPAE0I@Z
?AfxInitRegeditManager@@YAXXZ

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b094e11ea4b62271500eea2bcd09ec25

Code Sign

de:f8:52:a7:c0:b8:be:4e:77:c4:e5:21:5a:e7:e7:a8:2e:52:71:70Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

netapi32

snmpapi

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 378KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 434KB - Virtual size: 434KB

de:f8:52:a7:c0:b8:be:4e:77:c4:e5:21:5a:e7:e7:a8:2e:52:71:70
Signer

.text
Size: 380KB - Virtual size: 378KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 434KB - Virtual size: 434KB