7b146c924db83a07c4bde44575fef1dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7b146c924db83a07c4bde44575fef1dc_JaffaCakes118
Size

5.1MB
MD5

7b146c924db83a07c4bde44575fef1dc
SHA1

fe8783b0c1aa4027d52a7544d8567f42d3c932c8
SHA256

778165edf60133a6866c0880e48c6030839ffa1d102f28805301ea59611d4c9f
SHA512

a8375b023da17bf8d277df0f76f3ec4bf6da08811a2ce0b362578c4fb7e05a7e8c7683da7afa8fcc6697f6991ef5d5d3c59ddab93140238eb3cadc40dfee2e83
SSDEEP

98304:oBqL4ggITdfHiyEcs5vgPlC5mzG8W/a2BWHvmkxUyurwtdObZzkAxjIM+G:OqkksyEl5Q8mzG1/oHvmk10bZzUM+G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/所立得万能账户注册发帖.exe

Files

7b146c924db83a07c4bde44575fef1dc_JaffaCakes118
.rar
data/accounts.mdb.bak
data/sites.mdb.bak
setting.ini
所立得万能账户注册发帖.exe
.exe windows:5 windows x86 arch:x86

922c3d457d1912f31430e805fc57132e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
ExitProcess
LoadLibraryA
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
CreateEventW
GetModuleHandleW
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
LoadLibraryW
CompareStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
SetLastError
GetModuleHandleA
FreeLibrary
GetCommandLineA
HeapAlloc
RaiseException
GetLastError
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualQuery
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxW
wsprintfW
MessageBoxA

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

msimg32

AlphaBlend

ole32

CreateStreamOnHGlobal

comctl32

InitializeFlatSB

urlmon

CoInternetCreateZoneManager

wininet

InternetGetConnectedState

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

crypt32

CertOpenSystemStoreW

wsock32

WSACleanup

shdocvw

DoOrganizeFavDlg

Exports

Exports

��x��J�kw��l��}+��g7�M��^��F�B�]�o��y� ԭ��`,��6��XJP�t�C��1"@��Lą̏G6��^�,-�%F��neU(�Z�"��Wvnc|`�j��N7�q��x�}n�^�wf��Ι��3& ��"H�8d�jߍ��%��F��T�UuX��#}۷j�� e��`X��~A��@>q�R�eh�)`P��!�M��2�u��j��V?j2��k��!��T�gzo��Ʀ��ƭQ^�;� T�g��B��툌֝L��.'�� }��tw�>�(흴�6a"$��!��˷��g�NjP�{~!�'&��ߴl��2֋��Et�5��Y`#�e��Պ5�<m�߳ڔ:��.�[��y«T��L(� ��5gx��)u��BUt��|=l��~L��,�h�A@��4��9��}M$nWDs�V�6RF��l�1Nj��x, GY��j0�M�3n&��)��c�"�'��o��D)��| ��ơҀ�~Qܙ�z|�V1�"�nL@�t� ��(��L�YϞ��(�/�¿�d0�Z�O��1̊-�X)<�(R5=CIp��:��:rǓoc_ _eW'��d�U�_`��h=t�K��Fi�aW��c��[��k ��U�\��C@��h�e�n��ei|\�񃍢��vW(��-9�q��;��w9��D�9��I#w��N5�f�%8�W��b�xS��C�h�%E)7ϞihD�$`�YS]�`�K��4=i9�0��\}0��C�|fH��l9Y� #�"<�w)��uh��?�Q�m@ۘ��}��\�'Ψ��ԑ�jUf�#TD6��#��1Xs�ѣ��ߨfh��Y�a<��U�'�;bjH��hX��ڟ��&פH�A7c,�rM�L�x��nX�FV�⽎�0㋍�ì�*辞�� _G��x��f\5��e[l��)i��uw��Q��W�P�b��;$ȵGU�]��[��,��^�O'�&�>�W��!coF�=��.S��N�� DnS5!wF�(4+�~�_bH��I�܋V�7�l��=Ϙ�V�+&�Qw�}��#��;R)J-�<�l��/��1|=��N��\��?�{�`q��̥��]s!�2gkSa�˿��d��I��^�� ;t��G��_&�>CZڋ��ʾ>*��;��`�� Q|����YL��L*��x��b��X�ڰ ��:e��s!�̲+��d(��_�T��M�"V��td�nQ��_��\�� 5Ș&M�f�h6��'� ��U��(�^�|�;�d@�+W�zrW�R@��d KN�-��2Jcz�3�kT�Jgm"��3��rV9x12��_n�3Y��H�8{�ĠNR_��Y�u�A�׼��q]�4\��OԂ��א:63Κ�]��Vʻ��A��_�mͩ�9��P�0R2A#�ȑ�@��c"�"�� r }��MT\v�V�J�9��&�� $EH�̫B�� h5-Ki��H�-�UF�:p��2�F9m1y�޼S,�bw�=%HNv(F�� p�y2'��UໄS4��D�^ ?P��ܚ��8 a�y��h2�` H�Iӗ�m��1%7��Zir��D��h�7DQ0>��k�F�>L�K�3��)3��%�C� �tw��he�N� ��=0ue�'Ѐ�U)�ґD(�� h+M5n�U:l��T2��ˊQ��O�b��)�>l�̸A�G��G%U��dKSa�a��Z�2��Ԏ�P%j��J}�N�<B�<��Jj�D�Wnw7�I�g��F�O��(ۤz�Tl�8u�8#�^b �@�hu�W��u�<^Cڮ�d�KB�*Z�e��4�>��m[ ҡ�m��Ț�_0�Bٿ$�o�=V5㕃��v.fw�`)[f�*�;<��T�hZ��aE(�k N��2��;��h�V�t%3� a�g5�U��۪��J�I�j�$�hc!5�Ԑ̡��Hm��0$��mK2Z�&܈:��Td� q�S�<��ּ1q�C��$�βu릯ĤP��b+�ϘP��J��Շ�X"ev��t�Z��$��톨��씆�}nb��4�VnO�4(��,/�E�gG��w��4��P��w��q��,�9��h��wzU$$��Kpx2�'n��G��tI� �,��IG�O}�ٙ��^E�!�Fƺn/8�oq7l��q��✢�T�I�2U�|��:�!N��n��yD�V��VA�DAt� ��,S��K��A��6'E�8N�0�5+��g��K��KT�_��nHpJS?]�鼀JT��Y�E��dw��J_�?k��,Qx�W�~�� כ��W��(�_��m��;�қ�-j��$ct�<WQgn��u��nv��U"Ξ�0�NA��a),��VG鎲�`��u�|5#!S �' ~��i1�y{��\e�r�]�V�I��}��p��8�lk�c��$ie�U�3�V.��h��i�^^�ڊ'( �w��S{֭�[�0 ҩR�rbh��E[��o�v��mg̱�H��-!!�Ͻ.��#�d:RAp�/��9�Ƈ,֢!�Uu�.�ms�G��-6��SvX�2rtl+R�KG�r�VPWh��P��&��b��5H��?{��$��|;fIMX�s>��,Ec��[�Фp��1ŘQy�]��$|�� Q�ƼKu��DǪ��ݽF�S�V�U�1�2�N��յn̓�#��Wh�J9��}yI��-�z��s۔xۋ&

Sections

Size: 1.1MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.4MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 918KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
更多营销软件下载.lnk
.lnk
更多软件下载.url
.url

Sharing

General

Malware Config

Signatures

Files

922c3d457d1912f31430e805fc57132e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

shell32

version

msimg32

ole32

comctl32

urlmon

wininet

comdlg32

winspool.drv

crypt32

wsock32

shdocvw

Exports

Exports

Sections

Size: 1.1MB - Virtual size: 2.9MB

Size: 6KB - Virtual size: 12KB

Size: 23KB - Virtual size: 56KB

Size: - Virtual size: 24KB

Size: - Virtual size: 20KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: - Virtual size: 232KB

Size: 2.4MB - Virtual size: 2.8MB

.rsrc Size: 109KB - Virtual size: 112KB

Size: 1024B - Virtual size: 3.5MB

.data Size: 918KB - Virtual size: 920KB

.vmp0 Size: 589KB - Virtual size: 589KB

.vmp1 Size: 54KB - Virtual size: 54KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc
Size: 109KB - Virtual size: 112KB

.data
Size: 918KB - Virtual size: 920KB

.vmp0
Size: 589KB - Virtual size: 589KB

.vmp1
Size: 54KB - Virtual size: 54KB

.reloc
Size: 3KB - Virtual size: 2KB