34d58690d823ccf23fc92673e932c04a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34d58690d823ccf23fc92673e932c04a_JaffaCakes118
Size

11.2MB
MD5

34d58690d823ccf23fc92673e932c04a
SHA1

51f93c6ecd4d3e59061fa8b93e3d9c4f85e8387b
SHA256

a4cf638a59d48ec7099b5a21a996ba6d5b08a86b1dff210377ebad3f64d0e8fa
SHA512

53a1c14834682e4288d4007eb0dd64c86a5e1c9c3743d73999c0eff0faa1ed03fcd288dfe7e017931b1e882486e8d1ac738587c3d1496c8f16c47c80aa3c116e
SSDEEP

196608:UCkK1AbpbsPsbilN6933Bz2Qo77UktG3fitVROoaAi0WGWSY:Uf0QF3B5wtI0iHeWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jjbxb/jiajiabx.exe
unpack001/jjbxb/jjbx.ime
unpack001/jjbxb/jjbx64.ime
unpack001/jjbxb/卸载.exe
unpack001/jjbxb/安装.exe

Files

34d58690d823ccf23fc92673e932c04a_JaffaCakes118
.rar
jjbxb/background.bmp
jjbxb/bd/abc.txt
jjbxb/bd/jiajia.txt
jjbxb/bd/weiruanpy.txt
jjbxb/bd/ziguanpy.txt
jjbxb/bd0.txt
jjbxb/bd1.txt
jjbxb/bd2.txt
jjbxb/bd3.txt
jjbxb/bd4.txt
jjbxb/bd5.txt
jjbxb/bd6.txt
jjbxb/bd7.txt
jjbxb/bihua.bin
jjbxb/button.bmp
jjbxb/clc.bin
jjbxb/default.ini
jjbxb/dz.bin
jjbxb/fh0.txt
jjbxb/fh1.txt
jjbxb/fh2.txt
jjbxb/fh3.txt
jjbxb/fh4.txt
jjbxb/fh5.txt
jjbxb/fh6.txt
jjbxb/fh7.txt
jjbxb/fzm.bin
jjbxb/jiajiabx.exe
.exe windows:4 windows x86 arch:x86

e625dfd9659b81306f90de2bda9211e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sensapi

IsNetworkAlive

kernel32

CloseHandle
InterlockedIncrement
RaiseException
CreateThread
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcess
Sleep
SetLastError
LoadLibraryA
FlushInstructionCache
GetVersionExW
GetCommandLineW
GetSystemDirectoryA
GetSystemDirectoryW
LeaveCriticalSection
MultiByteToWideChar
GetSystemInfo
EnterCriticalSection
WideCharToMultiByte
DeleteCriticalSection
SizeofResource
InitializeCriticalSection
LoadResource
GetProcessHeap
FindResourceW
WaitForSingleObject
GetDriveTypeW
InterlockedExchange
LoadLibraryExW
LockResource
lstrlenA
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleA
GetStringTypeA
RtlUnwind
GetCurrentProcessId
HeapAlloc
InterlockedDecrement
HeapFree
GetModuleFileNameW
HeapReAlloc
lstrlenW
FindResourceExW
WritePrivateProfileStringW
VirtualProtect
GetPrivateProfileStringW
GetStringTypeW
GetThreadLocale
GetLocaleInfoA
GetACP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetSystemTimeAsFileTime
VirtualQuery
GetVersionExA
InterlockedCompareExchange

user32

UnregisterClassA
DestroyWindow
DispatchMessageW
DestroyIcon
TranslateMessage
SetTimer
GetMessageW
RegisterClassExW
PeekMessageW
PostMessageW
CharNextW
GetClassInfoExW
LoadCursorW
GetWindowLongW
PostQuitMessage
SetWindowLongW
CreateWindowExW
RegisterWindowMessageW
DefWindowProcW
CallWindowProcW
KillTimer
LoadIconW

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathStripToRootW

ws2_32

WSAStartup
WSACloseEvent
closesocket
inet_ntoa
WSASetLastError
htonl
inet_addr
WSAGetOverlappedResult
getservbyname
WSAGetLastError
WSASend
WSARecv
htons
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSASetEvent
WSACreateEvent
gethostbyaddr
WSASocketW
ntohs
getservbyport
WSACleanup
gethostbyname

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
jjbxb/jj_biaod.htm
.html
jjbxb/jjbx.ime
.dll windows:4 windows x86 arch:x86

8e8601ce57b762e9526bfdee2fa6573d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\JJ4\jjbxb\jjbx.pdb

Imports

imm32

ImmGetCompositionFontW
ImmGetOpenStatus
ImmSetOpenStatus
ImmAssociateContext
ImmLockIMC
ImmCreateIMCC
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmLockIMCC
ImmUnlockIMCC
ImmUnlockIMC

kernel32

UnlockFile
FlushFileBuffers
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
DuplicateHandle
lstrlenA
GlobalFree
GlobalHandle
MultiByteToWideChar
MulDiv
CompareStringW
lstrcpyA
GetModuleFileNameW
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
lstrcpynW
WinExec
GetPrivateProfileSectionW
GetSystemDirectoryW
GetSystemInfo
FindNextFileW
DeleteFileW
GetPrivateProfileStringW
GetFileAttributesExW
LCMapStringW
GetCurrentProcessId
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
ExitProcess
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
LockFile
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetCommandLineA
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetEndOfFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetLastError
lstrcmpiW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GlobalLock
GlobalUnlock
GetCurrentThreadId
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
lstrcpyW
lstrlenW
lstrcmpW
CreateFileW
CreateFileMappingW
GetEnvironmentStrings
MapViewOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
SetEnvironmentVariableA
GlobalAlloc
GetVersionExW
UnmapViewOfFile
GetCurrentProcess
FlushInstructionCache
LocalFree
MoveFileW
CopyFileW
CreateDirectoryW
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
WriteFile
ReadFile
GetFileSize
InterlockedExchange
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
CreateMutexW
GetTickCount
Sleep
CloseHandle
WaitForSingleObject
IsDebuggerPresent

user32

MessageBoxW
GetSysColor
GetFocus
ReleaseCapture
DrawFocusRect
FillRect
CallWindowProcW
GetDlgCtrlID
IsWindowEnabled
OffsetRect
GetDC
CharNextW
DrawTextW
ReleaseDC
EndPaint
BeginPaint
FindWindowExW
SetDlgItemTextW
SendDlgItemMessageW
DialogBoxParamW
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetRectEmpty
EnableWindow
CharUpperW
MoveWindow
MessageBeep
SetFocus
SetDlgItemInt
GetDlgItemInt
MapDialogRect
EndDialog
GetParent
GetClientRect
MapWindowPoints
SetWindowContextHelpId
GetDlgItem
GetWindow
CreateWindowExW
InvalidateRgn
RedrawWindow
IsChild
GetDesktopWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
CallNextHookEx
SetWindowsHookExW
GetActiveWindow
keybd_event
GetWindowThreadProcessId
TrackPopupMenuEx
RegisterClassW
LoadIconW
LoadImageW
DialogBoxIndirectParamW
GetWindowTextLengthW
GetSubMenu
LoadCursorW
SetCursor
UpdateWindow
TrackMouseEvent
GetMenuStringW
DestroyMenu
RemoveMenu
EnableMenuItem
CheckMenuItem
AppendMenuW
LoadMenuW
LoadBitmapW
ShowWindow
GetSystemMetrics
MonitorFromWindow
GetCapture
SetCapture
GetCursorPos
ScreenToClient
GetKeyState
PostMessageW
UnregisterClassW
SetTimer
KillTimer
GetWindowRect
IsWindowVisible
SetWindowPos
SetWindowRgn
SetLayeredWindowAttributes
InvalidateRect
DefWindowProcW
DestroyWindow
UnhookWindowsHookEx
GetAncestor
GetWindowTextW
SetWindowTextW
MonitorFromRect
MonitorFromPoint
GetMonitorInfoW
SystemParametersInfoW
IsWindow
GetCaretPos
ClientToScreen
GetClassNameW
SendMessageW
EqualRect
PtInRect
CopyRect
GetWindowLongW
SetWindowLongW
GetWindowDC
UnregisterClassA

gdi32

CreateCompatibleBitmap
DeleteDC
CreateDCW
SetBkColor
MaskBlt
ExtTextOutW
DeleteObject
CreateFontW
GetDeviceCaps
SetBkMode
SetTextColor
FillRgn
FrameRgn
ExtSelectClipRgn
PatBlt
CreateSolidBrush
GetMapMode
SetMapMode
GetViewportExtEx
GetWindowExtEx
GetObjectW
CreateFontIndirectW
GetStockObject
RectVisible
TextOutW
GetTextExtentPoint32W
SelectObject
CreateRoundRectRgn
CreateCompatibleDC
CreateBitmap
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW
GetFileTitleW

advapi32

GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
FreeSid

shell32

ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VariantClear
OleLoadPicture

shlwapi

PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

comctl32

PropertySheetW
CreatePropertySheetPageW
ord17
_TrackMouseEvent
DestroyPropertySheetPage

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jjbxb/jjbx64.ime
.dll windows:4 windows x64 arch:x64

162a80fd80181a165d45b6ebb3f399b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\JJ4\jjbxb\jjbx64.pdb

Imports

imm32

ImmGetCompositionFontW
ImmGetOpenStatus
ImmSetOpenStatus
ImmAssociateContext
ImmLockIMC
ImmCreateIMCC
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmLockIMCC
ImmUnlockIMCC
ImmUnlockIMC

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
DuplicateHandle
lstrlenA
MultiByteToWideChar
MulDiv
GlobalFree
GlobalHandle
CompareStringW
lstrcpyA
GetModuleFileNameW
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
lstrcpynW
WinExec
GetPrivateProfileSectionW
GetSystemDirectoryW
GetSystemInfo
FindNextFileW
DeleteFileW
GetPrivateProfileStringW
GetFileAttributesExW
LCMapStringW
GetCurrentProcessId
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
ExitProcess
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
RtlVirtualUnwind
IsDebuggerPresent
TerminateProcess
FlushFileBuffers
TlsSetValue
FlsFree
TlsFree
FlsGetValue
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlCaptureContext
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
HeapSetInformation
GetCommandLineA
FlsSetValue
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnlockFile
LockFile
SetEndOfFile
SetFilePointer
SetLastError
lstrcmpiW
GetEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryA
GetStringTypeA
GetStringTypeW
GlobalLock
GlobalUnlock
GetCurrentThreadId
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
lstrcpyW
lstrlenW
lstrcmpW
FreeEnvironmentStringsW
CreateFileW
CreateFileMappingW
MapViewOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
SetEnvironmentVariableA
GlobalAlloc
GetVersionExW
UnmapViewOfFile
GetCurrentProcess
FlushInstructionCache
LocalFree
MoveFileW
CopyFileW
CreateDirectoryW
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
WriteFile
ReadFile
GetFileSize
GetLastError
InitializeCriticalSection
EnterCriticalSection
__C_specific_handler
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
CreateMutexW
GetTickCount
Sleep
CloseHandle
WaitForSingleObject
FlsAlloc

user32

MessageBoxW
GetSysColor
GetFocus
ReleaseCapture
DrawFocusRect
FillRect
CallWindowProcW
GetDlgCtrlID
IsWindowEnabled
OffsetRect
CharNextW
DrawTextW
DialogBoxIndirectParamW
ReleaseDC
GetWindowDC
EndPaint
DialogBoxParamW
FindWindowExW
SetDlgItemTextW
CharUpperW
MoveWindow
SendDlgItemMessageW
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetRectEmpty
EnableWindow
MessageBeep
SetFocus
SetDlgItemInt
GetDlgItemInt
MapDialogRect
EndDialog
GetParent
InvalidateRgn
RedrawWindow
IsChild
GetDesktopWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
CallNextHookEx
SetWindowsHookExW
GetActiveWindow
keybd_event
GetWindowThreadProcessId
TrackPopupMenuEx
RegisterClassW
LoadIconW
LoadImageW
BeginPaint
GetClientRect
MapWindowPoints
SetWindowContextHelpId
GetDlgItem
GetWindow
CreateWindowExW
GetWindowTextLengthW
GetSubMenu
LoadCursorW
SetCursor
UpdateWindow
TrackMouseEvent
GetMenuStringW
DestroyMenu
RemoveMenu
EnableMenuItem
CheckMenuItem
AppendMenuW
LoadMenuW
LoadBitmapW
ShowWindow
GetSystemMetrics
MonitorFromWindow
GetCapture
SetCapture
GetCursorPos
ScreenToClient
GetKeyState
PostMessageW
UnregisterClassW
SetTimer
KillTimer
GetWindowRect
IsWindowVisible
SetWindowPos
SetWindowRgn
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
SetLayeredWindowAttributes
InvalidateRect
DefWindowProcW
DestroyWindow
UnhookWindowsHookEx
GetAncestor
GetWindowLongW
GetWindowTextW
SetWindowTextW
MonitorFromRect
MonitorFromPoint
GetMonitorInfoW
SystemParametersInfoW
IsWindow
GetCaretPos
ClientToScreen
GetClassNameW
SendMessageW
EqualRect
PtInRect
CopyRect
GetDC
UnregisterClassA

gdi32

BitBlt
CreateCompatibleDC
CreateRoundRectRgn
SelectObject
GetTextExtentPoint32W
DeleteObject
CreateCompatibleBitmap
CreateFontW
GetDeviceCaps
SetBkMode
SetTextColor
FillRgn
FrameRgn
ExtSelectClipRgn
PatBlt
CreateSolidBrush
GetMapMode
SetMapMode
GetViewportExtEx
GetWindowExtEx
GetObjectW
CreateFontIndirectW
GetStockObject
RectVisible
TextOutW
DeleteDC
CreateDCW
SetBkColor
MaskBlt
CreateBitmap
ExtTextOutW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW
GetFileTitleW

advapi32

GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
FreeSid

shell32

ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysStringLen
SysFreeString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
OleLoadPicture
VariantInit
SysAllocStringLen

shlwapi

PathIsUNCW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW

comctl32

PropertySheetW
CreatePropertySheetPageW
ord17
_TrackMouseEvent
DestroyPropertySheetPage

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jjbxb/license.rtf
.rtf
jjbxb/pinyin.bin
jjbxb/py/lib/基础词库.cky
jjbxb/py/lib/豪华扩充词库.cky
jjbxb/pyfu.bin
jjbxb/pytips.htm
.html
jjbxb/readme.htm
.html
jjbxb/skins/卡通狗.jsn
jjbxb/skins/圣诞快乐.jsn
jjbxb/skins/幽幽兰香.jsn
jjbxb/skins/淡雅.jsn
jjbxb/skins/福临门.jsn
jjbxb/spyb.ini
jjbxb/top0.txt
jjbxb/top1.txt
jjbxb/top2.txt
jjbxb/top3.txt
jjbxb/top4.txt
jjbxb/top5.txt
jjbxb/top6.txt
jjbxb/top7.txt
jjbxb/uh.txt
jjbxb/usrword.txt
jjbxb/卸载.exe
.exe windows:4 windows x86 arch:x86

5996501ff7357cd6e3015d9ec19b82ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\JJ4\jjbxb\uninst.pdb

Imports

kernel32

GetDriveTypeW
FindResourceExW
GetProcAddress
GetModuleHandleW
DeleteFileW
LoadResource
FlushFileBuffers
CloseHandle
GetSystemDirectoryW
LockResource
GetVersionExW
GetModuleFileNameW
SizeofResource
lstrlenW
GetCurrentProcess
FindResourceW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

MessageBoxW
SendMessageW
FindWindowExW
UnloadKeyboardLayout
UnregisterClassA

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteW
ord680

shlwapi

PathStripToRootW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
jjbxb/安装.exe
.exe windows:4 windows x86 arch:x86

be59f13ee50811c0cf5b8d2b0a978d83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\JJ4\jjbxb\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmInstallIMEW

kernel32

FindFirstFileW
FindClose
FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetVersionExW
GetSystemDirectoryW
GetDriveTypeW
LoadResource
LoadLibraryA
SizeofResource
GetCurrentProcess
FindResourceW
FindNextFileW
CopyFileW
CreateDirectoryW
LocalFree
LockResource
GetFileAttributesW
UnhandledExceptionFilter
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetStartupInfoW
GetLastError
TerminateProcess
GetLocaleInfoA
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxW
UnregisterClassA

advapi32

FreeSid
GetUserNameW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
SetNamedSecurityInfoW
RegOpenKeyExW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW

shell32

ShellExecuteW
ord680

shlwapi

PathStripToRootW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
jjbxb/新云软件.url
.url
安装说明.txt
更新安装须知.txt

Sharing

General

Malware Config

Signatures

Files

e625dfd9659b81306f90de2bda9211e0

Headers

File Characteristics

Imports

sensapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 2KB

8e8601ce57b762e9526bfdee2fa6573d

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 25KB - Virtual size: 24KB

162a80fd80181a165d45b6ebb3f399b5

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 616KB - Virtual size: 616KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 20KB - Virtual size: 29KB

.pdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 5KB - Virtual size: 4KB

5996501ff7357cd6e3015d9ec19b82ce

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 25KB - Virtual size: 24KB

.text
Size: 616KB - Virtual size: 616KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 20KB - Virtual size: 29KB

.pdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB