311c5ab33b0a84f338d728ccbc816760_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

311c5ab33b0a84f338d728ccbc816760_JaffaCakes118
Size

120KB
MD5

311c5ab33b0a84f338d728ccbc816760
SHA1

5289ec974506ae4e2351e0fc11a259fd966f7641
SHA256

7ea3cb556aabdd4d43a7abae30e3dd71c5a18751877a9606a242e73c8404822b
SHA512

0cee0b26b140446bf4cb369a9a4ca2ce2a254a8827752d6fe2cf1eef4219fe664ce3afe1688e68fc73d587a84b9bfedd2124e85b7ea0794753f27bce042b23fc
SSDEEP

3072:dbRLFWCikuW5AWyn10tz+DXi1uyEvINzKKjYaOlQV:5puWaWyneBSNvAzKALV

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LoveString200/ANSI_1.85/LoveString.exe
unpack001/LoveString200/ANSI_1.85/winhook.dll
unpack001/LoveString200/UNICODE_2.00/LoveString.exe
unpack001/LoveString200/UNICODE_2.00/winhook.dll

Files

311c5ab33b0a84f338d728ccbc816760_JaffaCakes118
.rar
LoveString200/ANSI_1.85/LoveString.exe
.exe windows:4 windows x86 arch:x86

ac2bdb328f8c4aaa16290aa0ea058761

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winhook

?StartHOOK@CWinHOOK@@QAEHPADI@Z
?StopHOOK@CWinHOOK@@QAEHXZ
?SetFontToCtrl@CWinHOOK@@QAEXPADII@Z
?GetDefIndex@CWinHOOK@@QAEHXZ
??1CWinHOOK@@UAE@XZ
??0CWinHOOK@@QAE@XZ

mfc42

ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2055
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord4441
ord2648
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord800
ord795
ord1146
ord1168
ord540
ord567
ord825
ord2976
ord3081
ord3626
ord858
ord2379
ord2864
ord2652
ord1669
ord5875
ord1641
ord3797
ord2860
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6215
ord3521
ord3663
ord2414
ord4160
ord3798
ord4837
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2302
ord4234
ord3716
ord790
ord3571
ord3610
ord2575
ord4396
ord3574
ord809
ord656
ord609
ord556
ord4220
ord2584
ord3654
ord1087
ord3092
ord2122
ord6378
ord6197
ord3870
ord6199
ord2818
ord3522
ord2438
ord2863
ord4710
ord6380
ord3874
ord860
ord3019
ord2516
ord4275
ord755
ord470
ord939
ord537
ord6877
ord4204
ord922
ord4278
ord6453
ord6403
ord6402
ord6111
ord4694
ord6270
ord1175
ord6195
ord5981
ord1644
ord2370
ord1949
ord3810
ord920
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3619
ord2621
ord5265
ord2086
ord823
ord361
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_exit
_ftol
_CxxThrowException
isxdigit
wcslen
strcmp
strcpy
strlen
strcat
free
_strdup
__CxxFrameHandler
_setmbcp

kernel32

GetLastError
MulDiv
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GlobalUnlock
GlobalLock
SetLastError
GetStartupInfoA
GetModuleFileNameA
CreateMutexA

user32

GetParent
SetWindowLongA
SendMessageA
InvalidateRect
GetClientRect
EnableWindow
IsWindow
FindWindowA
LoadIconA
SetCapture
GetWindowRect
CheckMenuRadioItem
GetSubMenu
EnableMenuItem
AppendMenuA
GetSystemMenu
GetWindowLongA
LoadStringA
InsertMenuA
DeleteMenu
SetClipboardViewer
ChangeClipboardChain
CheckMenuItem
PtInRect
DrawIcon
GetSystemMetrics
IsIconic
CloseClipboard
GetClipboardData
OpenClipboard
GetPriorityClipboardFormat
IsWindowVisible
GetCursorPos
SetMenuDefaultItem
LoadBitmapA
LoadMenuA
KillTimer
ReleaseCapture
PostMessageA
SetCursor
LoadCursorA
GetMenuState
SetForegroundWindow
GetDC

gdi32

CreateFontA
TranslateCharsetInfo
GetDeviceCaps
GetObjectA
CreateFontIndirectA
GetStockObject

shell32

ShellExecuteA
Shell_NotifyIconA

oleaut32

SysFreeString
SysAllocStringLen

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LoveString200/ANSI_1.85/winhook.dll
.dll windows:4 windows x86 arch:x86

fd3ccfa2e117d4e62b8eef300f77bb97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord800
ord860
ord3663
ord1182
ord537
ord540
ord825
ord823
ord2818
ord939
ord1253
ord342
ord1168

msvcrt

_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
strstr
strcmp
_adjust_fdiv
strcpy
wcslen
strlen
strcat
__CxxFrameHandler

kernel32

SetLastError
MultiByteToWideChar

user32

SetWindowTextA
SetWindowPos
GetWindowRect
GetClientRect
GetParent
CallNextHookEx
CreateWindowExA
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowLongA
LoadStringA
GetWindowTextA
FindWindowExA
GetClassNameA

gdi32

CreateFontA

oleaut32

SysAllocStringLen
SysFreeString

Exports

Exports

??0CWinHOOK@@QAE@XZ
??1CWinHOOK@@UAE@XZ
??_7CWinHOOK@@6B@
?GetDefIndex@CWinHOOK@@QAEHXZ
?SetFontToCtrl@CWinHOOK@@QAEXPADII@Z
?StartHOOK@CWinHOOK@@QAEHPADI@Z
?StopHOOK@CWinHOOK@@QAEHXZ

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LSShareD
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LoveString200/Readme.txt
LoveString200/UNICODE_2.00/LoveString.exe
.exe windows:4 windows x86 arch:x86

ad212f2771578552f3a24df767b9b709

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winhook

??0CWinHOOK@@QAE@XZ
?SetFontToCtrl@CWinHOOK@@QAEXPAGII@Z
?SetFindRepCaption@CWinHOOK@@QAEXPAG@Z
?StopHOOK@CWinHOOK@@QAEHXZ
?GetDefIndex@CWinHOOK@@QAEHXZ
?StartHOOK@CWinHOOK@@QAEHPAGI0II@Z
??1CWinHOOK@@UAE@XZ

mfc42u

ord5856
ord1172
ord2400
ord2088
ord538
ord6051
ord4073
ord1768
ord4401
ord2377
ord5157
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord3744
ord1720
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord6372
ord4621
ord4418
ord807
ord2915
ord2004
ord2112
ord554
ord4158
ord1637
ord4075
ord940
ord941
ord942
ord5783
ord4128
ord4292
ord1614
ord2756
ord4197
ord5852
ord536
ord2444
ord2745
ord1192
ord537
ord472
ord5568
ord2914
ord5446
ord6390
ord5436
ord6379
ord2567
ord5286
ord3397
ord4390
ord5237
ord6370
ord5059
ord5257
ord2438
ord3569
ord809
ord609
ord556
ord567
ord4270
ord4279
ord2371
ord5047
ord1143
ord2966
ord6266
ord3871
ord613
ord6871
ord289
ord2114
ord4155
ord1088
ord6193
ord283
ord3579
ord543
ord803
ord3737
ord818
ord1263
ord1229
ord1165
ord3792
ord4294
ord2397
ord2859
ord2855
ord755
ord470
ord1264
ord2385
ord4118
ord1850
ord6174
ord6597
ord4211
ord1851
ord816
ord562
ord3133
ord3701
ord3870
ord2836
ord2099
ord3716
ord795
ord2644
ord1662
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord6211
ord3516
ord2078
ord3614
ord5261
ord4370
ord4847
ord4992
ord2506
ord6048
ord1767
ord5276
ord4419
ord3592
ord641
ord324
ord2294
ord4229
ord3711
ord790
ord3605
ord656
ord1087
ord3087
ord6374
ord3517
ord3865
ord6195
ord2810
ord4704
ord860
ord6868
ord4199
ord922
ord4273
ord6451
ord6399
ord6398
ord6107
ord4688
ord6191
ord6376
ord2362
ord1190
ord1148
ord5706
ord6867
ord1634
ord858
ord2606
ord5784
ord2559
ord2406
ord5679
ord4272
ord2755
ord4124
ord5871
ord3621
ord3688
ord3568
ord3566
ord2854
ord5602
ord2858
ord4078
ord6138
ord823
ord2430
ord3658
ord3649
ord2576
ord4215
ord1854
ord825
ord500
ord3696
ord772
ord540
ord861
ord535
ord800
ord686
ord384
ord323
ord1633
ord5781
ord6190
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2423
ord3084
ord4768
ord5977
ord2613
ord1569

msvcrt

fclose
free
memset
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
wcscmp
memcpy
memmove
wcsncpy
_wcsdup
wcscat
_itow
strlen
isxdigit
_CxxThrowException
fwrite
sprintf
fopen
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp

kernel32

SetLastError
GlobalLock
GlobalUnlock
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
MulDiv
CreateMutexW
GetLastError
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetCPInfo
GetVersion
GetStartupInfoW
GetVersionExW

user32

DrawStateW
OffsetRect
LoadImageW
FrameRect
LoadCursorW
DefWindowProcW
GetClassInfoW
SetWindowLongW
RedrawWindow
CopyImage
SetCapture
PtInRect
ReleaseCapture
ScreenToClient
GetCursorPos
GetCapture
DrawFrameControl
IsZoomed
IsIconic
SetActiveWindow
GetWindowRect
CallWindowProcW
SetRectEmpty
LoadIconW
SetForegroundWindow
SetRect
FindWindowW
CheckMenuRadioItem
EnableMenuItem
GetSystemMenu
LoadStringW
SetMenuDefaultItem
DrawIcon
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
InflateRect
GetClientRect
ClientToScreen
SetClipboardViewer
GetMenuItemInfoW
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageW
GetWindowLongW
DestroyCursor
EnableWindow
GetMenuStringW
GetSubMenu
GrayStringW
DrawTextW
TabbedTextOutW
LoadBitmapW
GetSysColorBrush
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuW
GetMenuItemCount
AppendMenuW
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoW
GetSysColor
CopyRect
FillRect
DrawFocusRect
PostMessageW
GetPriorityClipboardFormat
IsWindowVisible
DrawEdge
CheckMenuItem
IsRectEmpty
IsWindow

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateDIBSection
SetPixel
Ellipse
TextOutW
PtVisible
RectVisible
PatBlt
CreateSolidBrush
ExtTextOutW
Escape
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
StretchBlt
CombineRgn
CreateRectRgn
CreateFontW
TranslateCharsetInfo
CreatePen
GetBkMode
GetPixel
GetDeviceCaps
GetObjectW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW

comctl32

ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent

oleaut32

SysFreeString
SysAllocStringLen

winmm

PlaySoundW

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LoveString200/UNICODE_2.00/LoveString.ini
LoveString200/UNICODE_2.00/winhook.dll
.dll windows:4 windows x86 arch:x86

fd76f5c5dcde6b0ff3f043a5b7149cd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord861
ord825
ord3658
ord1179
ord800
ord537
ord538
ord540
ord860
ord940
ord1248
ord823
ord2810
ord342
ord1165

msvcrt

wcscmp
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
_except_handler3
wcsstr
wcscat
wcslen
strlen
wcscpy
__CxxFrameHandler

kernel32

MultiByteToWideChar
WideCharToMultiByte
SetLastError

user32

SetWindowTextW
SetWindowPos
GetWindowRect
GetClientRect
GetParent
CallNextHookEx
CreateWindowExW
SendMessageW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowLongW
LoadStringW
GetWindowTextW
FindWindowExW
GetClassNameW

gdi32

CreateFontW

oleaut32

SysAllocStringLen
SysFreeString

Exports

Exports

??0CWinHOOK@@QAE@XZ
??1CWinHOOK@@UAE@XZ
??_7CWinHOOK@@6B@
?GetDefIndex@CWinHOOK@@QAEHXZ
?SetFindRepCaption@CWinHOOK@@QAEXPAG@Z
?SetFontToCtrl@CWinHOOK@@QAEXPAGII@Z
?StartHOOK@CWinHOOK@@QAEHPAGI0II@Z
?StopHOOK@CWinHOOK@@QAEHXZ

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LSShareD
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LoveString200/readme.gif
LoveString200/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

ac2bdb328f8c4aaa16290aa0ea058761

Headers

File Characteristics

Imports

winhook

mfc42

msvcrt

kernel32

user32

gdi32

shell32

oleaut32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 704B

.rsrc Size: 20KB - Virtual size: 20KB

fd3ccfa2e117d4e62b8eef300f77bb97

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 280B

LSShareD Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 940B

ad212f2771578552f3a24df767b9b709

Headers

File Characteristics

Imports

winhook

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

oleaut32

winmm

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 22KB - Virtual size: 21KB

fd76f5c5dcde6b0ff3f043a5b7149cd1

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 412B

LSShareD Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 990B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 704B

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 280B

LSShareD
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 412B

LSShareD
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 990B