9aee17cb251f7af63539522b470c9116_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9aee17cb251f7af63539522b470c9116_JaffaCakes118
Size

665KB
MD5

9aee17cb251f7af63539522b470c9116
SHA1

a0d57f1c01a0bfd069d1dcdfff7eb713e3823c5f
SHA256

672b255eb08a6d4a7135b768b79b046239382e06d5aace3ca3be53af3b4416e2
SHA512

82122ee957c453bc988253e59b254434f2bfc4dfbab7531a99a4fb4c9ab7397ab86de002c135d41595fe34e1d3abe007e0984ff93ddb41fbc6d875f0fb30b9f6
SSDEEP

12288:zpuZKhaikZtB+bpfavM4OagBy5YShON/+kN3a6wBuZ55QRQaFW+t1OZoEnfyWVNa:zp/haFBQpfoNOx85YuOt+kN3FouPyRQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/52zsoftdown_80751_386w.com/52zsoftdown_80751.exe

Files

9aee17cb251f7af63539522b470c9116_JaffaCakes118
.rar
52zsoftdown_80751_386w.com/360安全卫士专题.url
.url
52zsoftdown_80751_386w.com/360浏览器专题.url
.url
52zsoftdown_80751_386w.com/360软件专题.url
.url
52zsoftdown_80751_386w.com/52zsoftdown_80751.exe
.exe windows:4 windows x86 arch:x86

97ae2632f1459836cc8808855f26b3b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\GameMGR\bin\win32\release\tool\GMSoftDownload.pdb

Imports

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

riched20

ord4

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetSetOptionW

kernel32

GetCurrentDirectoryW
GetCurrentProcess
CreateDirectoryW
GetFileType
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemInfo
GetVersionExW
GetSystemDirectoryW
lstrcatW
GetCurrentThreadId
ResumeThread
DeviceIoControl
GetLongPathNameW
GetTempFileNameW
SetCurrentDirectoryW
GetTempPathW
SetPriorityClass
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
CreateThread
ExitThread
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
SetEvent
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
lstrcpynW
Sleep
GetTickCount
CreateProcessW
ResetEvent
WaitForSingleObject
lstrcpyW
OutputDebugStringW
SetStdHandle
GetModuleFileNameW
CreateEventW
GetLastError
GetCommandLineW
MultiByteToWideChar
CreateFileW
ReadFile
lstrlenW
CloseHandle
lstrlenA
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW
WritePrivateProfileStringW
WriteFile
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
QueryPerformanceCounter

user32

OffsetRect
DrawIconEx
CopyImage
FillRect
CharPrevW
DrawTextW
IntersectRect
IsRectEmpty
SetCursor
DrawFocusRect
SetPropW
GetPropW
LoadCursorW
RegisterClassExW
CallWindowProcW
RegisterClassW
SetCaretPos
LoadImageW
DestroyIcon
GetClassInfoExW
GetCursorPos
GetFocus
CreateCaret
ClientToScreen
GetSysColor
CharNextA
RedrawWindow
MoveWindow
GetAsyncKeyState
IsWindow
InvalidateRect
GetMessageW
SetFocus
GetMonitorInfoW
CreateWindowExW
ShowCaret
EnableWindow
HideCaret
CreateAcceleratorTableW
EndPaint
PtInRect
ReleaseCapture
IsChild
DestroyWindow
SetCapture
DispatchMessageW
PostMessageW
ReleaseDC
TranslateAcceleratorW
UpdateLayeredWindow
MonitorFromWindow
SetWindowRgn
GetUpdateRect
GetKeyState
GetDC
TranslateMessage
LoadBitmapW
SystemParametersInfoW
IsIconic
GetClientRect
IsZoomed
SetForegroundWindow
GetWindowTextLengthW
GetWindowRect
GetWindow
MapWindowPoints
SetWindowTextW
GetWindowTextW
LoadStringW
GetParent
GetSystemMetrics
SetWindowLongW
SetWindowPos
GetWindowLongW
ShowWindow
PostQuitMessage
SendMessageW
SetTimer
KillTimer
LoadIconW
ScreenToClient
MessageBoxW
CharNextW
wsprintfA
wsprintfW
InvalidateRgn
DestroyAcceleratorTable
BeginPaint
DefWindowProcW

gdi32

SelectClipRgn
GetCharABCWidthsW
SetBkColor
SetBkMode
StretchBlt
GetTextExtentPoint32W
TextOutW
ExtSelectClipRgn
SetStretchBltMode
ExtTextOutW
SetBitmapBits
CreateSolidBrush
GetClipBox
GetBitmapBits
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
CreateDIBSection
DeleteObject
GetObjectW
GetStockObject
SelectObject
BitBlt
CreatePen
CreateEllipticRgn
Rectangle
GetTextMetricsW
CreateRectRgn
CombineRgn
CreateRoundRectRgn
RoundRect
CreateFontIndirectW

advapi32

RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

ole32

OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateInstance

oleaut32

OleLoadPicture
SysFreeString
SysAllocString

shlwapi

StrStrIW
StrStrIA

Sections

.text
Size: 788KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
52zsoftdown_80751_386w.com/下载排行榜.url
.url
52zsoftdown_80751_386w.com/乡巴佬下载站.txt
52zsoftdown_80751_386w.com/使用帮助.url

Sharing

General

Malware Config

Signatures

Files

97ae2632f1459836cc8808855f26b3b1

Headers

File Characteristics

PDB Paths

Imports

comctl32

msimg32

riched20

shell32

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 788KB - Virtual size: 786KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 16KB - Virtual size: 23KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 344KB - Virtual size: 342KB

.text
Size: 788KB - Virtual size: 786KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 16KB - Virtual size: 23KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 344KB - Virtual size: 342KB