8383c945cc0d96dd50ce459ba5086a67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8383c945cc0d96dd50ce459ba5086a67_JaffaCakes118
Size

4.2MB
MD5

8383c945cc0d96dd50ce459ba5086a67
SHA1

6345a95e7c8324607f35f61273a1c3950636b9c0
SHA256

b29cdd4cc6ed3109274c58ee48739ab380c9ebeca2c630fb1cd80c97c044d446
SHA512

98a2d730899011351248baa0ad88e99e27ab066c2d1878a2b0cbaf950787c1d8c14ada718c8cc97ecdc267ed7e313d0ce4c69912643c640cf71471f01ef82951
SSDEEP

98304:TgjxJRZSBUp0w7t+4PREh5ItucIxRq2xcA972SBVGO3UOadce:0Ntp0w704pEh5ItJIVVZJBoOLadce

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/移动话费余额查询 v3.0破解版/SkinH_VB6.dll
unpack001/移动话费余额查询 v3.0破解版/skin.ini

Files

8383c945cc0d96dd50ce459ba5086a67_JaffaCakes118
.rar
移动话费余额查询 v3.0破解版/SkinH_VB6.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
移动话费余额查询 v3.0破解版/skin.ini
.exe windows:4 windows x86 arch:x86

388b3fc505245450ea90c1c0f7932d4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
rtcAnsiValueBstr
_adj_fprem1
rtcLowerCaseVar
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
__vbaObjSet
rtcMsgBox
_adj_fdiv_m16i
GetMemStr
__vbaObjSetAddref
_adj_fdivr_m16i
GetMemVar
PutMemStr
__vbaVargVar
__vbaBoolVarNull
_CIsin
__vbaErase
rtcMidCharBstr
rtcMidCharVar
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
rtcFileLocation
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
PutMemVar
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
SetMemVar
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
rtcCreateObject2
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
rtcBeep
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
rtcFileLength
__vbaR8Str
__vbaNew2
rtcEndOfFile
_adj_fdiv_m32i
_adj_fdivr_m32i
rtcHexVarFromVar
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ThunRTMain
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
rtcLeftCharVar
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
rtcR8ValFromBstr

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Geddon
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
移动话费余额查询 v3.0破解版/skinh.she
移动话费余额查询 v3.0破解版/移动话费余额查询v3.0 .exe
.exe windows:4 windows x86 arch:x86

7dceeef930900042ca75be60815b470c

Code Sign

6e:f1:72:0e:7b:07:6a:bf:46:a6:74:a0:b7:b5:57:47
Certificate

Issuer

CN=cccccccccccccczzzzzzzzzzzzzzz

Not Before

31/12/2010, 16:00

Not After

31/12/2016, 16:00

Subject

CN=cccccccccccccczzzzzzzzzzzzzzz

Extended Key Usages

ExtKeyUsageCodeSigning

15:60:8b:c5:83:1a:ca:42:da:38:4f:de:fa:8e:ce:7e:bd:f1:9e:2f
Signer

Actual PE Digest

15:60:8b:c5:83:1a:ca:42:da:38:4f:de:fa:8e:ce:7e:bd:f1:9e:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetCommandLineW
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
CreateFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
MoveFileA
CreateProcessA
VirtualProtectEx
GetCommandLineA
SetEvent
CreateEventA
GetSystemTimeAsFileTime
ExitProcess
GetLocalTime
GetCurrentThreadId
ReadFile
GetFileSize
CompareStringA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
HeapSize
FreeLibrary
SetConsoleCtrlHandler
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
GetStartupInfoA
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
CopyFileA
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
LocalFree
FormatMessageA
RtlUnwind

user32

CreateWindowExA
MessageBoxA
DispatchMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateDialogIndirectParamA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 54.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 652KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 116KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

388b3fc505245450ea90c1c0f7932d4d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 84KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 8KB

.text1 Size: 320KB - Virtual size: 320KB

.adata Size: 64KB - Virtual size: 64KB

.data1 Size: 128KB - Virtual size: 128KB

.pdata Size: 192KB - Virtual size: 192KB

.rsrc Size: 16KB - Virtual size: 16KB

.Geddon Size: 4KB - Virtual size: 4KB

7dceeef930900042ca75be60815b470c

Code Sign

6e:f1:72:0e:7b:07:6a:bf:46:a6:74:a0:b7:b5:57:47Certificate

Extended Key Usages

15:60:8b:c5:83:1a:ca:42:da:38:4f:de:fa:8e:ce:7e:bd:f1:9e:2fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: - Virtual size: 13KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 54.6MB

.text1 Size: 652KB - Virtual size: 704KB

.adata Size: 52KB - Virtual size: 64KB

.data1 Size: 116KB - Virtual size: 192KB

.pdata Size: 3.6MB - Virtual size: 3.6MB

.rsrc Size: 16KB - Virtual size: 16KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

.text
Size: 84KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 8KB

.text1
Size: 320KB - Virtual size: 320KB

.adata
Size: 64KB - Virtual size: 64KB

.data1
Size: 128KB - Virtual size: 128KB

.pdata
Size: 192KB - Virtual size: 192KB

.rsrc
Size: 16KB - Virtual size: 16KB

.Geddon
Size: 4KB - Virtual size: 4KB

6e:f1:72:0e:7b:07:6a:bf:46:a6:74:a0:b7:b5:57:47
Certificate

15:60:8b:c5:83:1a:ca:42:da:38:4f:de:fa:8e:ce:7e:bd:f1:9e:2f
Signer

.text
Size: - Virtual size: 13KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 54.6MB

.text1
Size: 652KB - Virtual size: 704KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 116KB - Virtual size: 192KB

.pdata
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 16KB - Virtual size: 16KB