a2dae5d00b80a66643b8797c1d2bc864_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2dae5d00b80a66643b8797c1d2bc864_JaffaCakes118
Size

85KB
MD5

a2dae5d00b80a66643b8797c1d2bc864
SHA1

e08d4c55127de365b60b0d24db58de91830c4a88
SHA256

6e17e8c672ae05e0ea967725d0e815742a3f2bd68b72a02fc4dc6ab3338a6283
SHA512

1a7ef52b944dde63954fe5054d37e2bd499b2804e624cd82a0ebf4eb3712768638ce588895b70874f04640f06075458e81c3d8ddd2daa8f3ffa22ab68c10f7db
SSDEEP

1536:LbkpWibPrxVdHHfFub8EuQ4bLKtdc1x+9HJuP1XzjONPIAH4+H:/Wj5dubX4vw2+e1XONw0F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/电子书EXE，CHM等格式转换成TXT.exe

Files

a2dae5d00b80a66643b8797c1d2bc864_JaffaCakes118
.rar
电子书EXE，CHM等格式转换成TXT.exe
.exe windows:4 windows x86 arch:x86

60d611cb4f3da751076778046e94b30a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MakeSureDirectoryPathExists

wininet

InternetCombineUrlA
InternetCrackUrlA

kernel32

WritePrivateProfileStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
GetTimeZoneInformation
TerminateProcess
HeapReAlloc
HeapSize
GetACP
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GlobalAlloc
lstrcmpA
GetCurrentThread
LocalFree
MulDiv
SetLastError
GetFileTime
GetProfileStringA
lstrcatA
lstrcpyA
lstrlenA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
GetProcAddress
CloseHandle
OpenProcess
GetCurrentThreadId
GetLastError
lstrcmpiA
MultiByteToWideChar
Sleep
lstrcpynA
WinExec
GetModuleHandleA
GetVersionExA
GetCurrentDirectoryA
CreateDirectoryA
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetModuleFileNameA
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSize
SetErrorMode

user32

BeginPaint
GetMessageA
ValidateRect
CharUpperA
GetCursorPos
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsDialogMessageA
PostMessageA
SendDlgItemMessageA
MapWindowPoints
GetFocus
AdjustWindowRectEx
LoadStringA
MessageBoxA
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
DrawTextExA
ClientToScreen
SetWindowTextA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
ScreenToClient
CreateWindowExA
GetDlgItem
GetWindowTextA
EndDialog
SetFocus
GetWindowLongA
DestroyIcon
DrawIcon
LoadImageA
LoadIconA
DestroyMenu
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
GetTopWindow
EndPaint
ShowWindow
UpdateWindow
GetLastActivePopup
SetForegroundWindow
SetWindowPos
GetDC
InflateRect
InvalidateRect
MessageBeep
DestroyCursor
CharNextA
IsWindowUnicode
GetSysColor
IsWindow
RegisterWindowMessageA
SendMessageTimeoutA
EnumChildWindows
GetClassNameA
WindowFromPoint
GetParent
GetWindow
IsWindowVisible
IsIconic
CopyRect
GetMessagePos
GetWindowThreadProcessId
GetKeyState
GetWindowRect
GetWindowDC
GetSystemMetrics
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
LoadCursorA
CopyIcon
SetWindowLongA
SetCursor
GetClientRect
PtInRect
SetCapture
ReleaseCapture
RedrawWindow
SendMessageA
EnableWindow
GetCapture

gdi32

BitBlt
CreateCompatibleDC
RestoreDC
CreateDIBitmap
GetTextExtentPointA
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetDeviceCaps
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
SaveDC
SetROP2
CreatePen
SelectObject
GetStockObject
Rectangle
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA

comctl32

ord17

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayAccessData
SysAllocStringLen
SafeArrayCreateVector

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿软基地.url
.url

Sharing

General

Malware Config

Signatures

Files

60d611cb4f3da751076778046e94b30a

Headers

File Characteristics

Imports

imagehlp

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 24KB - Virtual size: 22KB