Static task: static1
Behavioral task: behavioral1
  Sample: Openv/download.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Openv/download.exe
  Resource: win10v2004-20240704-en
Behavioral task: behavioral3
  Sample: Openv/天线网视频下载(xmlbar).exe
  Resource: win7-20240705-en
Behavioral task: behavioral4
  Sample: Openv/天线网视频下载(xmlbar).exe
  Resource: win10v2004-20240709-en
Behavioral task: behavioral5
  Sample: Openv/新云软件.url
  Resource: win7-20240704-en
Behavioral task: behavioral6
  Sample: Openv/新云软件.url
  Resource: win10v2004-20240709-en
General
Target: 6964271421ee8632807238ec8b85e78e_JaffaCakes118
Size: 316KB
MD5: 6964271421ee8632807238ec8b85e78e
SHA1: 15b3ab131d2f9d55f89dc7cc897fe9e4fd16d4ad
SHA256: beaf092c5309ea7fe6267b0a9f8494cdf7e56f0e44c923fe280ad2d86949b2c6
SHA512: edaaa42bf5d776b6b94383d015937634f21eab7409d039cbb882c0a5ab272ec2c2eb82022cf67676b238d2fcf7a6afe83bccdbeff62c0f11643d37df7c8cbee8
SSDEEP: 6144:e5MaSXN3e9GcUYORa/yL4RWm7JTshpLPyR8MBe1TfJ7deI88RR5U:SpSXNO9S86L4RX7JcpLPyRfe1V7Iqb5U
Malware Config
Signatures
Unsigned PE (2 IoCs): Checks for missing Authenticode signature.
  resource: unpack001/Openv/download.exe
  resource: unpack001/Openv/天线网视频下载(xmlbar).exe
Files
-
6964271421ee8632807238ec8b85e78e_JaffaCakes118.rar
-
Openv/download.exe.exe windows:4 windows x86 arch:x86
c49d883d732751567cb94c61c3b0fe3e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTimeAsFileTime
OutputDebugStringA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileTime
DuplicateHandle
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
GetDriveTypeA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetFullPathNameA
GetStartupInfoA
HeapReAlloc
GetDateFormatA
GetTimeFormatA
VirtualQuery
VirtualAlloc
VirtualProtect
RtlUnwind
CreateDirectoryA
GetFileAttributesA
GetSystemInfo
ExitProcess
GlobalReAlloc
GetCurrentProcessId
ReadFile
IsDBCSLeadByteEx
LoadLibraryA
GlobalHandle
GetFileSize
SetFilePointer
GetSystemDefaultLangID
GetUserDefaultLangID
lstrcatA
GetProcAddress
GlobalFree
GetTickCount
lstrcpyA
FindClose
FindFirstFileA
FindNextFileA
LockResource
SetLastError
CreateFileA
CloseHandle
WriteFile
DeleteFileA
GetCommandLineA
IsDBCSLeadByte
lstrcpynA
FindResourceA
LoadResource
SizeofResource
GetModuleHandleA
GetModuleFileNameA
lstrcmpA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
FreeLibrary
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FreeEnvironmentStringsA
SetEnvironmentVariableA
user32
GetLastActivePopup
MoveWindow
CheckDlgButton
ChildWindowFromPoint
IsDlgButtonChecked
SendDlgItemMessageA
LoadStringA
GetDialogBaseUnits
GetMonitorInfoA
GetAsyncKeyState
TrackPopupMenu
IsZoomed
IsIconic
GetSystemMenu
GetDlgCtrlID
GetCursorPos
ScreenToClient
GetTopWindow
PostMessageA
TranslateMessage
DialogBoxIndirectParamA
SetDlgItemTextA
EnableWindow
MessageBeep
GetForegroundWindow
PeekMessageA
DispatchMessageA
GetClassLongA
SetClassLongA
IsWindowVisible
ShowWindow
OffsetRect
UpdateWindow
UnregisterClassA
CreateAcceleratorTableA
SendMessageA
IsWindow
DrawIconEx
DestroyIcon
InflateRect
GetWindowDC
DrawTextA
DrawFrameControl
SetWindowsHookExA
SetWindowRgn
UnhookWindowsHookEx
IsWindowEnabled
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
SetTimer
GetWindowRect
SystemParametersInfoA
MapWindowPoints
AdjustWindowRectEx
GetMenu
EndDialog
KillTimer
GetActiveWindow
wsprintfA
CreateWindowExA
DialogBoxParamA
CharNextA
LoadImageA
SetWindowLongA
GetWindowLongA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DestroyWindow
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
GetClassNameA
GetDlgItem
RedrawWindow
SetWindowPos
gdi32
CreateFontIndirectA
GetTextExtentPoint32A
StretchBlt
ExtTextOutA
RoundRect
SelectClipRgn
SetBkMode
SetTextColor
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
GetCurrentObject
GetTextMetricsA
DPtoLP
CombineRgn
CreateEllipticRgnIndirect
CreateRoundRectRgn
ExcludeClipRect
SetStretchBltMode
CreatePen
SetBkColor
CreateSolidBrush
CreateRectRgnIndirect
advapi32
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
shell32
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
ole32
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
oleaut32
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect
VariantClear
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VarBstrCmp
comctl32
ImageList_Destroy
InitCommonControlsEx
ord6
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
ImageList_AddMasked
ord17
wininet
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
Sections
.text Size: 260KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Openv/天线网视频下载(xmlbar).exe.exe windows:4 windows x86 arch:x86
8a72382d356a735bc99ed34b52d1ad38
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEvent
TerminateThread
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
GetDriveTypeA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetOEMCP
HeapSize
TerminateProcess
ResetEvent
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
CreateThread
ExitThread
GetFileType
SetStdHandle
GetFullPathNameA
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
RtlUnwind
CreateEventA
DuplicateHandle
GetFileTime
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FormatMessageA
LocalFree
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetSystemInfo
ExitProcess
GetCurrentProcessId
WaitForSingleObject
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
SizeofResource
GlobalReAlloc
LoadLibraryA
GetSystemDefaultLangID
GetUserDefaultLangID
CreateProcessA
lstrcatA
WinExec
IsDBCSLeadByte
FreeLibrary
FindClose
FindFirstFileA
FindNextFileA
WriteFile
lstrcpyW
GlobalHandle
SetLastError
LoadResource
LockResource
CreateFileA
FindResourceA
CloseHandle
GetFileSize
DeleteFileA
GetCurrentThreadId
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
lstrcmpA
MulDiv
GlobalAlloc
GlobalLock
GetModuleHandleA
LoadLibraryExA
GetProcAddress
GetTickCount
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
GlobalUnlock
GlobalFree
CompareStringW
CompareStringA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpynA
lstrcmpiA
lstrlenA
lstrcpyA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetUnhandledExceptionFilter
SetEnvironmentVariableA
user32
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
IntersectRect
SetWindowPlacement
GetLastActivePopup
EnumChildWindows
GetWindowPlacement
BringWindowToTop
LoadIconA
GetMonitorInfoA
TrackPopupMenu
IsZoomed
IsIconic
GetMessageA
TranslateMessage
RegisterClipboardFormatA
GetMenuState
GetMenuStringA
GetMenuItemID
IsDialogMessageA
IsMenu
DialogBoxParamA
CreateDialogIndirectParamA
SetClipboardViewer
GetSystemMenu
PostQuitMessage
LockWindowUpdate
GetForegroundWindow
LoadMenuA
PeekMessageA
DispatchMessageA
FindWindowA
SendMessageTimeoutA
SetMenuItemInfoA
GetMenuItemInfoA
ModifyMenuA
GetMenuItemCount
FrameRect
CreatePopupMenu
SetMenuDefaultItem
AppendMenuA
EnableMenuItem
LoadBitmapA
IsRectEmpty
GetWindowDC
DrawStateA
SetWindowsHookExA
SetWindowRgn
GetAsyncKeyState
GetActiveWindow
MapDialogRect
SetWindowContextHelpId
DialogBoxIndirectParamA
EndDialog
UnhookWindowsHookEx
DrawTextA
DestroyCursor
SendMessageA
SetWindowLongA
CreateWindowExA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
GetParent
GetDlgItem
IsWindow
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
OpenClipboard
EmptyClipboard
CloseClipboard
GetSubMenu
TrackPopupMenuEx
DrawAnimatedRects
DestroyMenu
DrawIcon
SetForegroundWindow
ChangeClipboardChain
GetClassLongA
SetClassLongA
DrawFrameControl
DrawIconEx
OffsetRect
LoadStringA
SetDlgItemTextA
EnableWindow
IsWindowVisible
GetTopWindow
LoadImageA
MessageBeep
CheckDlgButton
ChildWindowFromPoint
IsDlgButtonChecked
SendDlgItemMessageA
IsWindowEnabled
GetSysColorBrush
DrawEdge
GetSystemMetrics
InflateRect
ClientToScreen
PtInRect
GetDlgCtrlID
SetTimer
UpdateWindow
wsprintfA
CharNextA
RedrawWindow
DestroyAcceleratorTable
IsChild
GetDesktopWindow
InvalidateRgn
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DestroyIcon
ShowWindow
AdjustWindowRectEx
KillTimer
MoveWindow
GetWindow
UnregisterClassA
DefWindowProcA
GetDC
ReleaseDC
GetClassNameA
CallWindowProcA
DestroyWindow
SetCursor
SetCapture
SetFocus
ReleaseCapture
GetCapture
ScreenToClient
GetCursorPos
FillRect
DrawFocusRect
GetFocus
BeginPaint
EndPaint
GetKeyState
CreateAcceleratorTableA
GetMenu
PostMessageA
GetDialogBaseUnits
CopyIcon
gdi32
StretchBlt
SetStretchBltMode
RestoreDC
SaveDC
PatBlt
CreateBitmap
CreatePatternBrush
CreateFontA
GetClipBox
SelectObject
GetObjectA
DeleteObject
DeleteDC
CreateFontIndirectA
SetTextColor
SetBkMode
CreateCompatibleBitmap
GetTextExtentPoint32A
BitBlt
GetDeviceCaps
GetStockObject
CreateSolidBrush
Rectangle
CreatePen
ExtTextOutA
SetBkColor
RoundRect
GetCurrentObject
SelectClipRgn
MoveToEx
LineTo
SetPixel
TextOutA
SetTextAlign
CreateRectRgnIndirect
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
CreateDIBSection
CreateCompatibleDC
CombineRgn
CreateEllipticRgnIndirect
CreateRoundRectRgn
ExcludeClipRect
CreateRectRgn
DPtoLP
SetBrushOrgEx
LPtoDP
GetBkColor
GetMapMode
GetTextMetricsA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
shell32
SHGetMalloc
SHAppBarMessage
SHGetDesktopFolder
ShellExecuteExA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ole32
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
RevokeDragDrop
ReleaseStgMedium
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
oleaut32
VarUI4FromStr
SafeArrayRedim
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate
comctl32
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_DrawIndirect
ord17
ImageList_GetImageCount
ImageList_Remove
InitCommonControlsEx
ImageList_GetIconSize
ImageList_GetIcon
urlmon
URLDownloadToFileA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 348KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Openv/新云软件.url.url