a1a525f0e936ca6be9bbc5bb110b9a24_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a1a525f0e936ca6be9bbc5bb110b9a24_JaffaCakes118
Size

5.4MB
MD5

a1a525f0e936ca6be9bbc5bb110b9a24
SHA1

9d8ca9248dd911dcf843f25cc74a7d1c543f8c2f
SHA256

8fb6181dc9656bce47478b6c1fed17d0c757fd9ca476f15e355b8e9f5f21eeb1
SHA512

a913b383605fc7aad2005b002c2b3298a56348c1cfed2119507fb811940a041f87ab6ef79b2620c0c5512025c641e054c33444486a1b4674cb41389f24764e32
SSDEEP

98304:GN1WVIO1/0CFAqPiW/ynNSbij3hG9ZoOA46DsUS8olAK2GoBxn57gYNN1cnNnavO:y1Wp/0CK8Dqn2ij3+oI6DHD3GoV7gYPc

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xjbtbsjxhplzcj_gr/QSew2168=SQ218.2_XJB.dll
unpack001/xjbtbsjxhplzcj_gr/迅捷贝淘宝手机小号批量注册机 v4.4.0.4.exe

Files

a1a525f0e936ca6be9bbc5bb110b9a24_JaffaCakes118
.rar
Readme-说明.htm
.html
xjbtbsjxhplzcj_gr/QSew2168=SQ218.2_XJB.dll
.dll windows:4 windows x86 arch:x86

01549177c60e4150394ae5c50b7e01cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringA

user32

DestroyMenu

gdi32

SetStretchBltMode

winmm

midiStreamRestart

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

VariantInit

comctl32

ImageList_Destroy

ws2_32

recvfrom

comdlg32

GetFileTitleA

msvcrt

__dllonexit

psapi

GetMappedFileNameW

Exports

Exports

xxwqsersawqaf_111
xxwqsersawqaf_222
xxwqsersawqaf_333
xxwqsersawqaf_444

Sections

.text
Size: 548KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xjbdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xjbdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xjbtbsjxhplzcj_gr/迅捷贝淘宝手机小号批量注册机 v4.4.0.4.exe
.exe windows:4 windows x86 arch:x86

59166f74f29941b8a679b80f20f8476a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

WSAAsyncSelect

rasapi32

RasGetConnectStatusA

kernel32

SetLastError

user32

SetFocus

gdi32

GetViewportExtEx

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

DragFinish

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetLBound

comctl32

ImageList_GetIcon

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseFontA

msvcrt

__dllonexit

psapi

GetMappedFileNameW

Sections

.text
Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xjbdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xjbdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
谷普下载-首页.url
.url

Sharing

General

Malware Config

Signatures

Files

01549177c60e4150394ae5c50b7e01cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

msvcrt

psapi

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 1.3MB

.xjbdata Size: 1.6MB - Virtual size: 1.6MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 4KB - Virtual size: 4KB

.xjbdata Size: 4KB - Virtual size: 4KB

59166f74f29941b8a679b80f20f8476a

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

msvcrt

psapi

Sections

.text Size: 1.2MB - Virtual size: 2.4MB

.xjbdata Size: 2.5MB - Virtual size: 2.5MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

.xjbdata Size: 24KB - Virtual size: 24KB

.text
Size: 548KB - Virtual size: 1.3MB

.xjbdata
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 4KB - Virtual size: 4KB

.xjbdata
Size: 4KB - Virtual size: 4KB

.text
Size: 1.2MB - Virtual size: 2.4MB

.xjbdata
Size: 2.5MB - Virtual size: 2.5MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB

.xjbdata
Size: 24KB - Virtual size: 24KB