475c1794f224e51ba7ddf678316236b4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

475c1794f224e51ba7ddf678316236b4_JaffaCakes118
Size

328KB
MD5

475c1794f224e51ba7ddf678316236b4
SHA1

d5e21833e783ef8b76f0d8418f417c57a4a7a28c
SHA256

477bef4e1ae57d2d0363c5b17bd42354f2bcdd4db538d4d6c001ddaba3c2fd72
SHA512

dfaf92ac77066ad2a765bc141cfc94a8152cfa56e0a1fb9077f1388ef36e098a0ac5a94c48a7020a06106081c5db727ec078ee5eac18902df76e284d588032d2
SSDEEP

6144:3gLvpVJmxivsGEE5W5eYmjqmt5azPzIr1z1ehVwtT0MXOUfzGZn0U0ShBGUkWepm:3Mr8iv1EEwIWoa7+1990KNzabhBGUek

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/baiduclick/BaiduClick.exe
unpack001/baiduclick/SkinH.dll

Files

475c1794f224e51ba7ddf678316236b4_JaffaCakes118
.zip
baiduclick/BaiduClick.exe
.exe windows:4 windows x86 arch:x86

c93303558190fda6b97749cc831c0432

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\已经结束的项目\201010\BaiduClick\release\BaiduClick.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
GetTimeZoneInformation
Sleep
GetACP
IsValidCodePage
HeapDestroy
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FormatMessageA
LocalFree
MulDiv
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
WritePrivateProfileStringA
GlobalFree
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
WaitForSingleObject
ResetEvent
CreateThread
CloseHandle
SetEvent
CreateEventA
CompareStringA
MultiByteToWideChar
GetVersion
InterlockedExchange
lstrlenA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetProcAddress
LockResource
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
GetLastError
GetCurrentDirectoryA
FreeResource
SizeofResource
LoadResource
HeapCreate
FindResourceA

user32

RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowRect
AppendMenuA
RemovePropA
SendMessageA
IsIconic
LoadIconA
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
EnableWindow
GetSystemMetrics
GetClientRect
GetSystemMenu
DrawIcon
SetTimer
CharUpperA
PostMessageA
PostQuitMessage
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
GetWindowThreadProcessId
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
EndDialog
IsWindow
GetDlgItem
GetNextDlgTabItem

gdi32

GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
CreateRectRgnIndirect
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathIsUNCA
PathFindFileNameA
PathStripToRootA

oledlg

ord8

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VariantInit
SysAllocStringLen
VariantClear
VarBstrCmp
VariantChangeType
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

skinh

SkinH_SetAero
SkinH_AttachRes

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
baiduclick/SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 95KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
baiduclick/ٶȵ.txt
ʹ˵.txt
ٷվ.url

Sharing

General

Malware Config

Signatures

Files

c93303558190fda6b97749cc831c0432

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

skinh

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 124KB - Virtual size: 119KB

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 220KB

.52PoJie Size: 95KB - Virtual size: 111KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 124KB - Virtual size: 119KB

.Hmily
Size: - Virtual size: 220KB

.52PoJie
Size: 95KB - Virtual size: 111KB