7a092e2774bcb36c12c4341e7b8aa584_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7a092e2774bcb36c12c4341e7b8aa584_JaffaCakes118
Size

4.0MB
MD5

7a092e2774bcb36c12c4341e7b8aa584
SHA1

5fa476d7ede3e753edba227c728aa3a4e14e1f1f
SHA256

331a7b9829842fe55a354f514464fee09190b7f73849aaa2473b53ef2a14d413
SHA512

3b8d37e1097b2f0ac85aa645242df4a35395aca1a8ced0d1be51cf00d33fd50df02834ce1a8143dd04fa2c53d7234312310985718d16405da342444aaba96252
SSDEEP

98304:E1bhB+K9pl/YL7PjcYm1fJ10gmu4Or2nG8KU98KcGb:El+Kl/Y/j7mJPdw1dpd

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/Chrome插件伴侣/Chrome插件伴侣使用说明.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chrome插件伴侣/Chrome插件伴侣.exe

Files

7a092e2774bcb36c12c4341e7b8aa584_JaffaCakes118
.zip
Chrome插件伴侣/Chrome插件伴侣.exe
.exe windows:6 windows x86 arch:x86

fd116888b9a80dcab89ce62adc4678a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Chrome\CrxHelp\Release\CrxHelp.pdb

Imports

ws2_32

ntohs
recv
recvfrom
select
send
htons
htonl
getsockname
getpeername
connect
closesocket
sendto
socket
WSAIoctl
getaddrinfo
freeaddrinfo
gethostbyname
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
accept
bind

kernel32

OutputDebugStringW
GetThreadTimes
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualQuery
CloseHandle
CreateFileW
GetProcAddress
GetModuleHandleW
GetLastError
ReadFile
SetFilePointer
lstrcmpiA
GetTempPathW
SizeofResource
LockResource
LoadResource
FindResourceW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
SetConsoleCtrlHandler
WriteConsoleW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetSystemTime
SwitchToThread
FindNextFileW
TryEnterCriticalSection
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
WaitForSingleObjectEx
QueryPerformanceCounter
WideCharToMultiByte
WriteFile
GetFileSize
QueryPerformanceFrequency
SleepEx
FindResourceExW
GetUserDefaultLCID
SetConsoleMode
ReadConsoleInputW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetTempFileNameW
DeleteFileW
MoveFileW
CreateDirectoryW
MultiByteToWideChar
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
LCMapStringW
GetConsoleCP
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
Sleep
GetTickCount
SetErrorMode
VirtualProtect
GlobalGetAtomNameW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
ReadConsoleW
GetConsoleMode
ExitProcess
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
GetFileAttributesW
Process32NextW
SetStdHandle
FindClose
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
ResumeThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
VerifyVersionInfoW
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
lstrcpyW
GetCurrentProcessId
HeapQueryInformation
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetModuleHandleA
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
FlushFileBuffers
OutputDebugStringA
SetFilePointerEx
K32GetModuleFileNameExW
OpenProcess
GetLocalTime
lstrcmpA
GetModuleFileNameW
FreeResource
FindFirstFileW

user32

GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
GetAsyncKeyState
IsZoomed
TrackMouseEvent
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
MessageBeep
GetNextDlgGroupItem
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
CharUpperW
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
GetMenuItemInfoW
DestroyMenu
ToUnicodeEx
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
UpdateLayeredWindow
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
TrackPopupMenu
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
HideCaret
InvertRect
DestroyCursor
GetWindowRgn
SetMenu
GetMenu
GetCapture
SetFocus
SendDlgItemMessageA
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
GetClassNameW
InvalidateRect
UpdateWindow
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadMenuW
EnumDisplayMonitors
GetMonitorInfoW
SystemParametersInfoW
LoadCursorW
CopyRect
SetRectEmpty
SetLayeredWindowAttributes
GetClassInfoW
DefWindowProcW
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CreateDialogIndirectParamW
DestroyWindow
IsWindow
DrawIconEx
IsRectEmpty
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
GetFocus
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
IsWindowEnabled
KillTimer
SetTimer
WaitMessage
PeekMessageW
DispatchMessageW
PostQuitMessage
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnregisterClassW
PostMessageW
IsWindowVisible
MessageBoxW
DrawIcon
GetSystemMetrics
IsIconic
OffsetRect
GetClientRect
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
CopyIcon

gdi32

GetDeviceCaps
CreateDCW
CopyMetaFileW
DeleteDC
CreateFontIndirectW
GetObjectW
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
Polygon
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
CreateEllipticRgn
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
CreateHatchBrush
CreateRectRgn
Polyline
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreatePen
CreatePatternBrush
DeleteObject
EnumFontFamiliesW
GetStockObject
GetTextCharsetInfo
CreateBitmap
CreateRectRgnIndirect
CreateSolidBrush
Ellipse
CombineRgn
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
ExtTextOutW
SetPixel
CreatePolygonRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
ScaleWindowExtEx
SelectClipRgn
RectVisible

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetOpenFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

shell32

ShellExecuteW
ShellExecuteA
SHCreateDirectoryExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

StrCmpNA
PathFileExistsW
PathAppendW
StrCmpIW
SHGetValueW
SHSetValueW
StrCpyW
PathRemoveFileSpecW
StrCmpW
PathIsDirectoryEmptyW
SHGetValueA
SHSetValueA
PathIsDirectoryW
PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
StrStrIA
PathFindExtensionW

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
OpenThemeData
CloseThemeData
DrawThemeBackground

ole32

CoRevokeClassObject
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoRegisterMessageFilter

oleaut32

VariantCopy
SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
VarBstrFromDate
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi

oledlg

OleUIBusyW

gdiplus

GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateFromHDC

wsock32

gethostname
inet_ntoa
listen
__WSAFDIsSet
setsockopt
getsockopt
shutdown
getservbyname

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

wldap32

ord147
ord133
ord79
ord142
ord301
ord127
ord27
ord26
ord208
ord41
ord216
ord14
ord46
ord145
ord219
ord167
ord118

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore
CertCloseStore

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chrome插件伴侣/Chrome插件伴侣使用说明.pdf
.pdf
- http://Outlook.com
- http://chromekiller.com/wp-content/uploads/2019/08/step2.gif

Sharing

General

Malware Config

Signatures

Files

fd116888b9a80dcab89ce62adc4678a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

wsock32

version

oleacc

imm32

winmm

wldap32

crypt32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 724KB - Virtual size: 724KB

.data Size: 72KB - Virtual size: 107KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 211KB - Virtual size: 210KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 724KB - Virtual size: 724KB

.data
Size: 72KB - Virtual size: 107KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 211KB - Virtual size: 210KB