6f6802b256d87f00a32aa08a67e9c8c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f6802b256d87f00a32aa08a67e9c8c3_JaffaCakes118
Size

437KB
MD5

6f6802b256d87f00a32aa08a67e9c8c3
SHA1

7189acec7b9817d1c353cc215c0e7403caaeee64
SHA256

98c8eb7cf52f407fa6ba2edf756d71fefc2d3913086ec0a27aee16d755e12bd5
SHA512

9529d8a69fdca7b6aaa52e62f873650a431b97d9cbf9eeb73c9b7caf3583eb540fd3af2a337a3033fe7779dd1d351d3309d3d3332e81511b479f529152a2aeb9
SSDEEP

12288:JZGN1W9xcPnUZE9KwnfKRroYlF+DHU8DhETjORRobY9R07jb6C:JZG29x+nUZEcwnfKR1lF408D6OEU9Rcp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/QQ收割小分队6.2(Beta版)/收割小分队6.2(Beta版).exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ收割小分队6.2(Beta版)/收割小分队6.2(Beta版).exe

Files

6f6802b256d87f00a32aa08a67e9c8c3_JaffaCakes118
.rar
QQ收割小分队6.2(Beta版)/farm.xml
.xml
QQ收割小分队6.2(Beta版)/免责声明.txt
QQ收割小分队6.2(Beta版)/小分队官方论坛.url
QQ收割小分队6.2(Beta版)/收割小分队6.2(Beta版).exe
.exe windows:5 windows x86 arch:x86

098feb5de15dc9ede646cd2c3d1c7ea9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
lstrcpynA
GetProcAddress
GetModuleHandleA
GetLastError
SetLastError
WinExec
lstrlenA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WriteFile
ReadFile
CloseHandle
GetFileSize
CreateFileA
MultiByteToWideChar
Sleep
TerminateThread
DeleteFileA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ResetEvent
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetStdHandle
VirtualFree
HeapCreate
GetTimeZoneInformation
IsValidCodePage
GetACP
GetFileType
SetStdHandle
HeapSize
CreateThread
ExitThread
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
MulDiv
LocalFree
FormatMessageA
FreeResource
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FileTimeToSystemTime
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
GetThreadLocale
InterlockedIncrement
lstrcmpA
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringA
GetCurrentProcessId
GetModuleFileNameW
InterlockedDecrement
FileTimeToLocalFileTime
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
GetModuleHandleW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileSizeEx
GetFileTime
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
GetTimeFormatA
GetDateFormatA
HeapReAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
CopyRect
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
MessageBoxA
IsWindowVisible
SetMenu
TrackPopupMenu
MapWindowPoints
PeekMessageA
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetMessageA
SetWindowPos
CreateDialogIndirectParamA
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
GetWindowThreadProcessId
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
WindowFromPoint
GetSysColorBrush
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperA
UnregisterClassA
RegisterClipboardFormatA
GetMenuState
PostThreadMessageA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
EnableWindow
SendMessageA
LockWindowUpdate
LoadIconA
GetSystemMenu
AppendMenuA
LoadMenuA
GetDC
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetWindowRect
KillTimer
PostMessageA
GetSubMenu
GetCursorPos
InvalidateRect
PtInRect
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
CharNextA
GetActiveWindow
GetMenuItemID
GetMenuItemCount
ReleaseCapture
RedrawWindow
SetCapture
SetCursor
GetNextDlgTabItem
EndDialog
SetForegroundWindow
SetActiveWindow
ExitWindowsEx
ClientToScreen
GetMessagePos
ScreenToClient
UpdateWindow
UnionRect
DrawEdge
DrawFrameControl
DrawFocusRect
GetFocus
GetKeyState
DispatchMessageA
TranslateMessage
CopyIcon
LoadCursorA
InflateRect
ReleaseDC
GetParent
GetSysColor
IsWindow
SetWindowLongA

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
RestoreDC
SaveDC
ExtTextOutA
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateBitmap
SetBkMode
SetBkColor
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
DeleteObject
GetObjectA
DeleteDC
CreateCompatibleDC
CreateDIBSection
StretchBlt
GetDIBColorTable
SelectObject
SetDIBColorTable
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
GetCurrentObject
SetTextColor
GetClipBox
GetRgnBox
SetWindowExtEx
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueA
RegOpenKeyExA
AdjustTokenPrivileges
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
VariantClear
VariantChangeType
VariantTimeToSystemTime
SysAllocString

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipFree
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdipBitmapUnlockBits
GdiplusStartup

wininet

HttpOpenRequestA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
HttpSendRequestA
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
InternetConnectA

winmm

sndPlaySoundA

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA

Exports

Exports

�H�l�GW�}�� 1)��ߧ��c �S}4�pבޭF�ъ�m��1@\��1��E�6ڄ��hJ ��Gi��Hm+BJJ�u��#ND�o}� �F��1�p�`L��wm�q�>�њ[&�_G^s�Ε?�⛬Q�SҮ��QYn��dc��啔[t�[��0u��ʂ5�9�l�)�f9��K��단+w�|�?dy&�pCq��=��E�<g��%��F��nmGMl0�B�)�.��>X��aԘ�bAm�� vUh<#0��R�K��z��'�T�[�!}��r˖9(c�$S��LQ��;U ƕ�0��6�Њ��N�:M��[�@��<��؂1��IM�a��Z|��Y��[ �,��e��oq�N� � Ң2?�l��zJ�.��0O��tcC�v2Y��ag�s��Cq��~XwG|�8��Mټ-� 0��XG��?9F�ۯ��\�=�&��d��'�j�eD��F�rP��G��KN��X9Q&fN;�F��4�nҌ��j��B]�E�&��)�Q��hP��BIa�谑w�N�$H�q�D��o=BRs0o��:'�xq�XW"[<#�vRMQB�S��Ǜk��~�?�]@)��B2�g�ʬ��4z�U�u�qu��3ʏ�Q��d��p=�� EG�J4nNG5~V�`��w2bQ��T��JH�j��o&&�s�)�F��D!~�.��b3��H�|�`��)�n&��1�ry'4ݱFrtJ��L(��&�;�ܓ.k6+�̘I�t<��d�mC��6��|�(�!&��;^΀4�u�Cۅ�� FȚ�-c��@��q��V0��#c�M/��>��ѐdc��EDge{�Ϋm�A=2�r�w ��B�Z'P��d��B�L ��F)ןl**��+G��f믵��>�;��uql��!��-��p(u�|��4ݏ�sZ�Ms��=�Sj"�޵�p��3gI&��/�L�0=͜�aE_��Zo��aL� ��Z|x�/��6�w��NU��4u�E8]o >W��>8��9��-�Q��]с��'wJ��l�,'��D�@Sk�ol'�eYq�W�=tnqXd/�X�0�r�0Qr��v2��K��j�s�M9�RQrY&]-r#c�{��Q��^bG�dX�� .a+*��l��(W�4$�lj��{�E�EA�k� Z[�J&�`Z _�Ix�Q��E2[�@�X��q��L�:��.��`��M�}}��3�.F��+JG��T2�t5g��o��R�h�l"�k��Ŵ�3��ϧ�3e��/ND��q7�I�ȑ'Xn�d:��T�+�F��^%�B9��Y�a��+��&O�D�!�>j�I��Ԅ ��]��M}J��m�gb��呸�׎��+�,��̵�ܨ��T�F��{��v�kG�=��@AR��;�/Ҕb��AXB��=��u��!@~L�ec<v��k7�'��5��~>�3��!�z��Y]C�\�E�T�"��ON��A��m��5�Y��Q��C��s�ꞥ�dYBc�y��p��^�<`C��<�bZ3��_�1�bN%��t$4m��=iz�>��rǸ� ��~?��M� ��Aw c��rg��Ť��q��B:w��A�Zm�=̓�f��,k��j=��)X,E�<lz"�0�U� H��$j3��>G��Hh��cOU��Bk�� /#��b[9�;�݄�ZmvRG� �E�/_��w��ݞqx��1��ɸ����n��SF +"(薞�/��Y�W��Z��"�Y~�E �?�G ��U̅#��<�'>� O3I�E��]��9��\��̿��,��4��]�7V�7��(x�M ��'!�5�`��:�_�)�8�E��E��oG��VZ�~K��T��%��3��~�b��W6Ѣ�?��=�m�z��!��51�T�k²�\S�M]w�Ǚ�=��Q��3��`��{�u�(9bK�,�.��!Js��^�cp�~�.�1�̫f�e��(�UR�-{� ��(��F��Aʧ&=}[Z��P`��K��ݗ�( h��U��I�+��I��A�8��^^]g�0#(��;��l�K��,��p.2%/��/g�g�B��;�Ƒ��e"��p-GSSy�LM��pq�!�P:�,�~kY9��m�;��g|(��b��; ��}-�2@$*N��֬|��c�~�K��Թ�Ƀ̭9 OȺ��ȥy[�g$�!��C� �쩛��W��{WP�� c4��t-�� G��L��/��1B��6BɑE�k��Dv��V��$J��3�`��݆��G1�;��2+��w<�](nym�^��2'��ee ��&,�'Q�P�/�u�B}��H;��4�Fnt��%�~ޕ��'�x}U��l@�@��o�u�=Y��o��n ��m�']θ��NMDV� z��'(Z�'�fjq[ſ9��q-��L�S�+��F��?-_3�C��Sݑ��YC�؏�mzC�q��?��m�=X�g�XL#(�Թf��ʡ�7v��y�P�z�U\��'��G��J�\�;/�S�"*��>��]��n1��~ޅH��ԝ��:��ޟ��ں׍ً�[v�y�Q( ])|Ѥ��_�X�,i��K�eY,DrV��6�Y�FEb��`�{�Z��!)Rm؋)�>x�?#�|,�yk��:�S:h��Y~�?�87�$f��+� Kj�sR�|Oʫ`c�g� �.��u4fUT��]�ϥq�1��Fp=∣tFA��Օ�.��CZ�/��u1g{\�i{�TK��΀?x��F

Sections

.text
Size: - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ收割小分队6.2(Beta版)/新云软件.url
.url
QQ收割小分队6.2(Beta版)/说明.txt
QQ收割小分队6.2(Beta版)/音频1.wav

Sharing

General

Malware Config

Signatures

Files

098feb5de15dc9ede646cd2c3d1c7ea9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

wininet

winmm

oleacc

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 479KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 29KB

.rsrc Size: 15KB - Virtual size: 34KB

.vmp0 Size: - Virtual size: 53KB

.vmp1 Size: - Virtual size: 32KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 406KB - Virtual size: 405KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: - Virtual size: 479KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 29KB

.rsrc
Size: 15KB - Virtual size: 34KB

.vmp0
Size: - Virtual size: 53KB

.vmp1
Size: - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 406KB - Virtual size: 405KB

.reloc
Size: 512B - Virtual size: 316B