47668e18c832f3cee9fe14bf752d1c34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47668e18c832f3cee9fe14bf752d1c34_JaffaCakes118
Size

5.3MB
MD5

47668e18c832f3cee9fe14bf752d1c34
SHA1

01635f1d19f7bb18bdd728bd94b2f4ee11815e1a
SHA256

aa4075a37f97d3d0658c3320619aea3e2ce9ab92476ea7ccdf172b2fa4af6a3b
SHA512

19663b802a835defc6ece5f929b9ebd99a52a3f3f895234558ff02742f6c97df2025b6ebc9d4c169b01d660fe1d0819862772a5b28c6431996471fc598b563d9
SSDEEP

98304:7Nqrs/W1WjbcV41Jcn9k+MCTDCouHuCMxDxHO5oT371bLuBDJXjch:7Nl5bN1JD+MCfCouHpMKe31bKD6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/鑫财QQ群发全能（无人职守）—2009 3.20版/WinIo.dll
unpack001/鑫财QQ群发全能（无人职守）—2009 3.20版/WinIo.sys
unpack001/鑫财QQ群发全能（无人职守）—2009 3.20版/鑫财QQ群发全能（无人职守）—2009 3.20版.exe

Files

47668e18c832f3cee9fe14bf752d1c34_JaffaCakes118
.rar
鑫财QQ群发全能（无人职守）—2009 3.20版/QQFafafaHelp.chm
.chm
鑫财QQ群发全能（无人职守）—2009 3.20版/WINIO.VXD
鑫财QQ群发全能（无人职守）—2009 3.20版/WinIo.dll
.dll windows:4 windows x86 arch:x86

b9b2bee901bb36181f387e1e336faa1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
DeviceIoControl
GetEnvironmentVariableA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

advapi32

ControlService
CloseServiceHandle
OpenSCManagerA
CreateServiceA
StartServiceA
OpenServiceA
DeleteService

Exports

Exports

GetPhysLong
GetPortVal
InitializeWinIo
InstallWinIoDriver
MapPhysToLin
RemoveWinIoDriver
SetPhysLong
SetPortVal
ShutdownWinIo
UnmapPhysicalMemory

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
鑫财QQ群发全能（无人职守）—2009 3.20版/WinIo.sys
.sys windows:4 windows x86 arch:x86

172b54da983eaa27abf08d8ed525b840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IoCreateSymbolicLink
IofCompleteRequest
Ke386IoSetAccessProcess
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwUnmapViewOfSection
IoDeleteDevice
IoGetCurrentProcess

hal

HalTranslateBusAddress

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 544B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/BlackList.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/NoSendQQNum.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/Personal.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/Speed.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/Thumbs.db
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/Verinfo.ini
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/equip.ini
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/groupverinfo.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/selfmessage.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/documents/setup.ini
鑫财QQ群发全能（无人职守）—2009 3.20版/如何做到兼职日赚300？加盟鑫财硅谷创业网.url
鑫财QQ群发全能（无人职守）—2009 3.20版/新云软件.url
.url
鑫财QQ群发全能（无人职守）—2009 3.20版/最新版免费下载.url
鑫财QQ群发全能（无人职守）—2009 3.20版/每个版本的更新说明.txt
鑫财QQ群发全能（无人职守）—2009 3.20版/鑫财QQ群发全能（无人职守）—2009 3.20版.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.TTP
Size: 3.5MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TTP
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TTP
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TTP
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TTP
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9b2bee901bb36181f387e1e336faa1f

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 4KB - Virtual size: 3KB

172b54da983eaa27abf08d8ed525b840

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 4B

INIT Size: 544B - Virtual size: 536B

.reloc Size: 128B - Virtual size: 108B

Headers

File Characteristics

Sections

.TTP Size: 3.5MB - Virtual size: 8.1MB

.TTP Size: 512B - Virtual size: 4KB

.TTP Size: 512B - Virtual size: 4KB

.TTP Size: 1KB - Virtual size: 4KB

.TTP Size: 53KB - Virtual size: 56KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 4B

INIT
Size: 544B - Virtual size: 536B

.reloc
Size: 128B - Virtual size: 108B

.TTP
Size: 3.5MB - Virtual size: 8.1MB

.TTP
Size: 512B - Virtual size: 4KB

.TTP
Size: 512B - Virtual size: 4KB

.TTP
Size: 1KB - Virtual size: 4KB

.TTP
Size: 53KB - Virtual size: 56KB