312f14e3c8a60277d1924958eb265102_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

312f14e3c8a60277d1924958eb265102_JaffaCakes118
Size

784KB
MD5

312f14e3c8a60277d1924958eb265102
SHA1

015519e7fa769dec578b0e9d3a901be509bf1594
SHA256

bd895df8459699f10597d5119ade257f2b0903b33c4ab2be954690605f553fec
SHA512

3b984f315e07ee8a44be91c1cd2229b4dd6d47dfff5914fce55a8ade49366ad6c7401eedb81cfa9ee36e4087b949a4baf9cf82968396f4f01dc5f0add577501f
SSDEEP

24576:njyEGIVYMgAuyU6LToYz43eQ2M1o+fn+k3AgA:nmKuAuyJPoYM3eQ2EoU+N

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/QQ农牧小分队1.0/QQ农牧小分队1.0.0(alpha内测版).exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ农牧小分队1.0/QQ农牧小分队1.0.0(alpha内测版).exe

Files

312f14e3c8a60277d1924958eb265102_JaffaCakes118
.rar
QQ农牧小分队1.0/QQ农牧小分队1.0.0(alpha内测版).exe
.exe windows:5 windows x86 arch:x86

59a8b9e46d5fb7556b33782766a95a50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
RaiseException
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
VirtualQuery
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetFileTime
GetFileSizeEx
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrlenA
InterlockedIncrement
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetThreadLocale
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
FreeResource
FormatMessageW
LocalFree
lstrlenW
MulDiv
SetFileTime
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
DeleteFileW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentProcess
FindClose
FindFirstFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointer
ReadFile
GetFileSize
TerminateThread
SetLastError
LoadLibraryW
GetLastError
GetProcAddress
GetModuleHandleW
WriteFile
CreateFileW
CloseHandle
CreateDirectoryW
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuState
GetMenuItemID
wsprintfW
SetCapture
ReleaseCapture
PtInRect
MapWindowPoints
TrackMouseEvent
ShowCursor
DrawIconEx
GetSysColorBrush
IsWindow
LoadCursorW
RedrawWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FrameRect
LoadImageW
CreateIconIndirect
GetIconInfo
ReleaseDC
GetSysColor
FillRect
DrawStateW
OffsetRect
DrawFocusRect
InflateRect
CopyRect
PostMessageW
TrackPopupMenuEx
GetActiveWindow
WindowFromPoint
ClientToScreen
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongW
CharUpperW
UnregisterClassW
DestroyIcon
DestroyMenu
EnableWindow
SendMessageW
DestroyCursor
KillTimer
GetWindowRect
SetForegroundWindow
SetActiveWindow
GetCursorPos
GetSubMenu
ExitWindowsEx
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
GetClientRect
LoadMenuW
AppendMenuW
GetSystemMenu
RegisterClipboardFormatW
InvalidateRect
LoadIconW
GetDC
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
GetMenuItemCount
CharNextW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetFocus
TranslateMessage
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetMessageW
MessageBoxW

gdi32

TextOutW
ExtTextOutW
Escape
CreateFontW
CreatePen
Rectangle
GetDIBits
SetDIBits
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetClipBox
LineTo
MoveToEx
RectVisible
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetMapMode
GetRgnBox
SetBoundsRect
PtVisible
SetPixel
GetPixel
SetTextColor
SetBkColor
CreateBitmap
BitBlt
CreateCompatibleBitmap
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetViewportExtEx
CreateSolidBrush
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
LookupPrivilegeValueW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrCatW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SystemTimeToVariantTime
VariantCopy
SysStringLen
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
VariantClear
VariantTimeToSystemTime
VariantChangeType

iphlpapi

GetAdaptersInfo

gdiplus

GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree

winmm

sndPlaySoundW

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
DeleteUrlCacheEntryW
InternetReadFile

Exports

Exports

��嵐�0��ԯ��*ș�%�_+tyΉҌH-uj��QKqO��Aͣ��ȅ��G��Nd$p ��q��=˥�Wy/v.$��O�ѵг;��z�Gei>%�e�=��#��T��lC��[�O��B�8��8%�F��5�qu��dk�J� ��22�A��U�.��g��tQ&O��RaSac7�'�L�`D��C,Ŷ XWoۊy��0�ǐj�rզAW�qA�PulYIƎ��J� �|y�A��q��ٍ�C�Cڽ��"��-� �#}0}�ky��M�r��bQ�Ls�p�C�#�#Ϧ_�O�n�n��]:]y��1JT��E�A�� :�Q��(��숴mg�Pb=�� ້��w�_��Tvw��q��O,zד /��'.W|n��ɹ�8��Q\��7!nm,1��5MM��n��H�/-��ྍPn'�m&�K�(k�P�_O�aN��N�Z�sUmeq�ɇi`�r��*&�T��Q�+]��,.D�mU�a4J�r�#ľw��m�rL��"�n8��F%R��jF;P��}ƺ��=D~��!'k��'� ��L��~��4 ��̽��#/��w:��D(#�� ־�5��do7�c��8?׹��ɷ�x^��~��Ih`��Z��"��,|D��ʰ�)�9ۼ�@�M?{��_j��UV�"�c�o[��A,!y��R��̶�-�S=亢(Nܳ_5k~@�huPr?O��t��_�z攲p)K�+ܗ��^�/��<��p�K�_��8"L�zv^gR��r��X��G�J�W<��1��s�&�e�P�� J-��8��F��X9��8�j��9?��oA�{�R�I�*Z�]LL3�rc��@M�\��kg�Fl��BInޕ+��ں�7;Ұ��k+Q�Y��8��ۜ�2�D��X��M�s��0�ޣs3�b�G�� \y��_:,X16��H�P��1J�.�_ ƨ�G�Y�?��y��5�m�yx%V��V��\�bz�}$|�WO�E�Ǎ�%=Q�4KcI��E��Q�d��4\w�a��,2��)�&��k�L,:&��Z��>��6��)ȸ��cVM��|�oӿ�.U��$�ކ��G!��p��"�,��aE��zΦ'�dU��[�W�ؒ��|�NbU ��.Q� ��%�;�a%L�·g%%ѱ��Xe�u��o�!� ];͍94�uP�\J:�F3��y�PW��BͿ�(`��+=�?4�y�1�6R��9�'��۹2�x@��]3�÷�4�V�3�+��Q=8�4Z�r��w�+�&��ĸ��r��$!\��Y��WH�Óƕ��sX$��0��/�C�s~��#��0��G�4-Lc={٤p��uT({�S�,:(ě� xiYͫy��|*��[�E�y�O<d��Y�؀m ��?o��j��X��C�= ��13�M��{��],�d{��Q�&�҂�Jo*mY��Z� ��Ugn_��HL��*��t2��!�c"�Pr ��^5�� O@H��dĨ�}��X�7�С�Xf=�o�B:��Ja�`�q��1*[��q|a�Nv�V�� 8�Vs2��!tm�S֢��O�=l,��E-��%�C�8FJ��}��ULz�~�Z�Q��`�y־��ZC�c)y�Y�>��F��z�깄 ��m�\�zÃ�`��%�nٕ�Xò��FF�\'�f�5Ցs ة��2{9{`�Ď6T��+�ܑ��c�y:�&W0��`|K�@�Cq�� l$( �J�5�l ��i�K��݅��쯨яk.��JG&k��y��;��J�`0O� �?�;$p��Y��#�Ҭ��F}G��;�%ac��܋�g�^{s�D��PA8�!�B��i� ��BJ��K+�� $�z�L�f�\��H��x˚��.R�s8އ��5�F T��w�o��z%�@vǋ?�S��b�۴G=��"o��T)��K�Ѐ��p�� rMս�r��<�)o?�\�T��l)�x��"*NKτ��-"�� v�(ϯL娪/�![c��bc�\��D��`��\�f��J�ys�{q ��$��:O�e��~�u��ΎO��R�a�f��W�(k)=��uʣr��>�� R�Za��gX|��0�E逼pW�ɑ��R��Yt��Y��P1�(��/EJ�֚'�BH��ۂJ��ݳ]��!p��(Y��5[�̾��3�y�2�؍/��?��2�8��d-N*��丱W�Z84:��Z��>��A�D�q��@�l��Mt`&��M�Vj��͸��q�J}��$��<��R�ڮ��<̽��"��E��%��o--b�+��h��k��#�M�M��\EX_��F��]~}�B<�&��gs�)�BG;7��'��q�sS�?��r,��d�PM�A�r6]�'.H䙲��o� t0��U9 o��Чm�� Z�$]z.C��;��U��J?}�I^?��Q��Q��.0Y��Ў �4/F�i��O�%��w(�g�c�w �U��Hw��AߣW5)'��[x�TYV�p�Y��<@IE�R@��Q��R4)J��q�p��?��q�s�� s o��!a��)}`�s�p�b12EM�DU�[��\3�=0�|~��e(R&ߡ��Y��*uwǥ��=8|�ޞ��V�#S;"�{�o�$�_=�X#~eУF�|�]�ٯDD(d��XkP�� [�k��4��W��q>�dg�\&�y��(��uCW�1�@�ҡ��j��3T@�(��ӭ1�E� 7�� R5��Q��i?U�)t�K1�f4�h��*xl�5�&��Ϻ

Sections

.text
Size: - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ农牧小分队1.0/animals.xml
.xml
QQ农牧小分队1.0/bubble.wav
QQ农牧小分队1.0/config.xml
.xml
QQ农牧小分队1.0/crop.xml
.xml
QQ农牧小分队1.0/crop_ext.xml
QQ农牧小分队1.0/dindong.wav
QQ农牧小分队1.0/免责声明.txt
QQ农牧小分队1.0/说明.txt

Sharing

General

Malware Config

Signatures

Files

59a8b9e46d5fb7556b33782766a95a50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

gdiplus

winmm

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 638KB

.rdata Size: - Virtual size: 149KB

.data Size: - Virtual size: 31KB

.rsrc Size: 65KB - Virtual size: 86KB

.vmp0 Size: - Virtual size: 58KB

.vmp1 Size: - Virtual size: 253KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 695KB - Virtual size: 694KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: - Virtual size: 638KB

.rdata
Size: - Virtual size: 149KB

.data
Size: - Virtual size: 31KB

.rsrc
Size: 65KB - Virtual size: 86KB

.vmp0
Size: - Virtual size: 58KB

.vmp1
Size: - Virtual size: 253KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 695KB - Virtual size: 694KB

.reloc
Size: 512B - Virtual size: 316B