19f013b1357d24294027d2b88f1eb5ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

19f013b1357d24294027d2b88f1eb5ab_JaffaCakes118
Size

1.3MB
MD5

19f013b1357d24294027d2b88f1eb5ab
SHA1

b5189cd1e00d7c565de5cb07faa55df2018944f0
SHA256

4fab4cac3b592d43ef72f8a2b5786530bf8d2986dc35f17cf2c43cfed8eb8177
SHA512

21cad1c89633ba4de66f03d2d0a69be013c1db552b6b2b441c09a0c9452f2ed8b871e69519d3f59f887fe5309836c52bd1c4aa0ebba9042de76b9203dc141d54
SSDEEP

24576:WsAxlLVTq+hNjvv5yMO0Cr7TnoP4Fqnb/hNk0Y8Ij+r6Ih+7yIDxt20:WJxl3jRO0CrnYIqnbpNkMnytf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/time_machine/TimeM.exe

Files

19f013b1357d24294027d2b88f1eb5ab_JaffaCakes118
.rar
time_machine/ASSHdr.Tpl
time_machine/EffectCode.tpl
time_machine/SSAHdr.Tpl
time_machine/TimeM.exe
.exe windows:5 windows x86 arch:x86

f32edad79869d15d4326d62670d65897

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目代码\新svn下的项目\TimeMcode\Release\TimeM.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetProcessHeap
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
SetLastError
GetLastError
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
CreateProcessW
GetConsoleCP
WaitForSingleObject
CloseHandle
MultiByteToWideChar
GlobalAlloc
lstrcmpW
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrlenW
DeleteCriticalSection
EnterCriticalSection
GetStringTypeA
GlobalLock
GlobalUnlock
RaiseException
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
SetFilePointer
OutputDebugStringW
WriteFile
CreateFileW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
ExitProcess
GetFileType
SetStdHandle
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLocalTime
LCMapStringA
LeaveCriticalSection
GetConsoleMode
HeapAlloc
HeapFree
GetCurrentProcessId
FreeLibrary
lstrcmpiW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
FindResourceExW
GetTempPathW
SearchPathW
GetProfileIntW
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetDiskFreeSpaceW
GetTempFileNameW
GetTickCount
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
VirtualProtect
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
ResumeThread
SetThreadPriority
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryW
GetPrivateProfileIntW
GetFileAttributesW
GlobalReAlloc
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetThreadLocale
GetStringTypeExW
MoveFileW
LoadLibraryExW
GlobalGetAtomNameW
lstrlenA
lstrcmpA
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryA
GetVersionExA
FreeResource
GlobalFree
FormatMessageW
LocalFree
FindClose
FindNextFileW
FindFirstFileW
LCMapStringW
CompareStringW
CompareStringA
CopyFileW
lstrcpyW
GlobalSize
SetCurrentDirectoryW
CreateThread
DeleteFileW
Sleep

user32

ShowOwnedPopups
WaitMessage
PostThreadMessageW
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
MapDialogRect
GetUpdateRect
TranslateMessage
SetRect
DrawEdge
DrawIconEx
GetSysColorBrush
CharUpperBuffW
LockWindowUpdate
GetMessageW
UpdateLayeredWindow
EnableScrollBar
ValidateRect
LoadImageW
DrawStateW
CopyImage
GetIconInfo
DestroyIcon
IsMenu
IsRectEmpty
GetCursorPos
MessageBeep
GetSystemMenu
DeleteMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
SystemParametersInfoW
GetMenuItemInfoW
CharUpperW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
BringWindowToTop
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
SetParent
SetWindowRgn
IsZoomed
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
GetWindowDC
GrayStringW
DrawTextExW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
ShowWindow
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
MessageBoxW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetCaretPos
SetCursor
OffsetRect
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
PeekMessageW
OpenClipboard
IsWindowVisible
UpdateWindow
PtInRect
EnableMenuItem
SetRectEmpty
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
UnregisterClassW
SetCursorPos
GetNextDlgGroupItem
SetMenuDefaultItem
CopyAcceleratorTableW
FrameRect
GetMenuDefaultItem
CopyIcon
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
DefWindowProcW
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
FillRect
GetFocus
DestroyAcceleratorTable
CharNextW
GetClassNameW
IsChild
GetWindow
MapVirtualKeyExW
IsCharLowerW
GetWindowRgn
CreateMenu
DrawIcon
GetDoubleClickTime
DestroyCursor
UnregisterClassA
SetPropW
EnumChildWindows
SetFocus
SetCapture
InvalidateRgn
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
SetWindowPos
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
IntersectRect
UnionRect
KillTimer
SetTimer
RedrawWindow
GetSubMenu
LoadMenuW
PostMessageW
DrawFocusRect
InflateRect
DrawFrameControl
IsWindow
LoadBitmapW
GetDlgItem
GetParent
DrawTextW
SendMessageW
GetSysColor
CopyRect
InvalidateRect
GetWindowRect
EnableWindow
GetClientRect
TabbedTextOutW
SubtractRect

gdi32

RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SelectPalette
GetObjectType
CreateHatchBrush
SaveDC
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
GetRgnBox
ExtFloodFill
CreatePalette
GetPaletteEntries
SetPaletteEntries
EnumFontFamiliesExW
GetWindowOrgEx
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
GetClipBox
SetTextColor
GetDCOrgEx
DPtoLP
CreateBitmap
CreatePatternBrush
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgn
SetBkColor
CopyMetaFileW
ExtTextOutW
GetCharWidthW
GetTextMetricsW
CreateFontIndirectW
GetObjectW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
GetDeviceCaps
SelectObject
CreatePen
GetTextExtentPoint32W
CreateRoundRectRgn
GetStockObject
CreateRectRgnIndirect

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
IsTextUnicode
RegSetValueW
GetFileSecurityW
SetFileSecurityW
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
DragAcceptFiles
SHCreateDirectoryExW
DragFinish
DragQueryFileW
SHGetFileInfoW
SHAppBarMessage
ExtractIconW
SHBrowseForFolderW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx

shlwapi

PathFindExtensionW
PathFileExistsW
StrStrA
StrStrW
PathRemoveFileSpecW
PathCombineW
StrCmpIW
StrStrIW
PathFindFileNameW
PathRemoveExtensionW
StrStrIA
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CoGetClassObject
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
ReleaseStgMedium
OleDuplicateData
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleGetClipboard
CoCreateInstance
CLSIDFromString
StgCreateDocfileOnILockBytes

oleaut32

SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysStringLen
SysFreeString

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdiplusShutdown

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
time_machine/更新日志.txt

Sharing

General

Malware Config

Signatures

Files

f32edad79869d15d4326d62670d65897

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

imm32

wininet

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 353KB - Virtual size: 353KB

.data Size: 30KB - Virtual size: 58KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 171KB - Virtual size: 171KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 353KB - Virtual size: 353KB

.data
Size: 30KB - Virtual size: 58KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 171KB - Virtual size: 171KB