360ffe461551ba962cb75a75a38281a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

360ffe461551ba962cb75a75a38281a7_JaffaCakes118
Size

1.9MB
MD5

360ffe461551ba962cb75a75a38281a7
SHA1

acb3b84203260447389b397c4c977f804798dd38
SHA256

2aac264b410f38c12dbd0efb6d7c8a576874ac74bdafc711c15cdf477d817e23
SHA512

75c282dcc3ffb47c870606f834bdd957a9e3477224d2731dd2335161a1b218c20c7739a529be416ecabc7bf4e12b063dbdb51d2ef9d667e56003557d5219fb32
SSDEEP

49152:cagvOBeEVlwpNtJNAWag0u4jyeCMLVVO0XI9l2jsQm3aySyLD5ob6l:cagvSVl8QWt0VjyedO0XI9R9/xD26l

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/系统精灵/SkinH_EL.dll
unpack001/系统精灵/系统管理精灵2.0.exe

Files

360ffe461551ba962cb75a75a38281a7_JaffaCakes118
.rar
系统精灵/1.skn
系统精灵/42.skn
系统精灵/99.she
系统精灵/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
RtlUnwind
IsBadCodePtr
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MulDiv
VirtualProtect
FlushInstructionCache
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetVersion
GetCurrentThreadId
GetModuleHandleA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
VirtualQuery

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumChildWindows
LoadCursorA
SetCursor
EnumThreadWindows
TrackPopupMenu
GetMenuItemID
IsIconic
IsZoomed
GetWindowRgn
IsMenu
GetSubMenu
GetMenuBarInfo
GetMenu
SetWindowRgn
GetSystemMenu
MessageBoxA
GetClassNameA
CallNextHookEx
ScreenToClient
SetCapture
EqualRect
ReleaseCapture
SetWindowPos
KillTimer
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringA
GetMenuState
SetMenuItemInfoA
SetRect
GetActiveWindow
LockWindowUpdate
IsWindowVisible
GetSystemMetrics
ShowScrollBar
FillRect
GetSysColorBrush
EnableScrollBar
GetScrollBarInfo
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
GetWindowDC
GetDCEx
GetDC
MoveWindow
FindWindowExA
GetCursorPos
PtInRect
SetRectEmpty
ClientToScreen
ReleaseDC
GetSysColor
InflateRect
GetParent
GetClassLongA
GetWindowRect
GetComboBoxInfo
OffsetRect
IsRectEmpty
InvalidateRect
GetClientRect
GetWindowTextA
SendMessageA
IsWindowEnabled
GetFocus
GetIconInfo
DrawIconEx
DrawTextA
TrackMouseEvent
BeginPaint
EndPaint
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA

gdi32

SetPixel
SetBkColor
TextOutA
GetTextExtentPointA
SetMapMode
CreatePen
CreateSolidBrush
GetStockObject
RoundRect
BeginPath
Rectangle
EndPath
SelectClipPath
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
StretchBlt
GetObjectA
DeleteObject
BitBlt
DeleteDC
SetTextColor
CreateDIBitmap
CreateFontA
CreatePatternBrush
SelectClipRgn
CombineRgn
CreateRectRgn
EqualRgn
OffsetRgn
ExtCreateRegion
CreateDIBSection
GetPixel
PatBlt
SelectObject
Polygon

comctl32

ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt

Exports

Exports

SkinH_Attach
SkinH_Attach_Ex

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
系统精灵/scgx.bat
系统精灵/作者说明.txt
系统精灵/新云软件.url
.url
系统精灵/系统管理精灵2.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 439KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

Headers

File Characteristics

Sections

Size: - Virtual size: 7.8MB

Size: 439KB - Virtual size: 443KB

Size: 168KB - Virtual size: 168KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB