7621a0916384bf1f9fd8c5cd57d03b57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7621a0916384bf1f9fd8c5cd57d03b57_JaffaCakes118
Size

276KB
MD5

7621a0916384bf1f9fd8c5cd57d03b57
SHA1

8a496b4292460f99041176a649ea9c3967e3ffbf
SHA256

1e329e534086a23fc6a02b244c86e172d4a347b96dd4d430f465f22009540fc1
SHA512

9e1d5935ea63c0f81e8189f13d34d6bfe3c580606446cee1db951a80a4041e0cc73055bc30a57157f8f9abee8975fce2c397a86002a5dae68ddd913ea60ced89
SSDEEP

6144:tXWzM80W9WNq45HV1XiOXmIZNIlmkvPwwK8Ee0Fa+:5U0W9WzRVZifIPcmkU8FEv

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/IPShow.dll	acprotect
static1/unpack001/MSIMG32.dll	acprotect
static1/unpack001/QQFun.dll	acprotect
static1/unpack001/QQHook.dll	acprotect
static1/unpack002/QQStatus.dll	acprotect
static1/unpack003/IMRecord.dll	acprotect

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IPShow.dll
unpack001/MSIMG32.dll
unpack001/QQFun.dll
unpack001/QQHook.dll
unpack002/QQStatus.dll
unpack003/IMRecord.dll

Files

7621a0916384bf1f9fd8c5cd57d03b57_JaffaCakes118
.rar
IPShow.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IPShow.ini
MSIMG32.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQFun.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQHook.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

QQFunMainWindowCall
QQFunMainWindowControl
QQFunRegisterBuddyMessageWindow
QQFunRegisterGroupMessageWindow
QQFunRegisterHookCallback
QQFunRegisterHookMessageWindow
QQFunRegisterLoginFinishNotifyCallback
QQFunRegisterMessageNotifyCallback
QQFunUnRegisterBuddyMessageWindow
QQFunUnRegisterGroupMessageWindow
QQFunUnRegisterHookCallback
QQFunUnRegisterHookMessageWindow
QQFunUnRegisterLoginFinishNotifyCallback
QQFunUnRegisterMessageNotifyCallback
SysChooseColorEx
SysChooseImageFile
TencentAboutCall
TencentAgreementCall
TencentSwitchCall
_AutoPostChangeStatus
_AutoPostChangeText
_AutoPostInit
_AutoPostUnInit
_ChangeCaptionStatus
_ChangeIPAddress
_ConvertGenderToStr
_GetAddressKernel
_GetCachePath
_GetCameraHook
_GetClientName
_GetCommonPath
_GetGUIDString
_GetIPAgent
_GetIPCacheFile
_GetIPLanMemory
_GetIPSettings
_GetIPTimeout
_GetIconHook
_GetIconHook2
_GetImageHook
_GetMarkHook
_GetMsgHook
_GetNowTime
_GetPluginName
_GetPluginPath
_GetProcAddr
_GetProcessCount
_GetRunFile
_GetRunName
_GetRunPath
_GetRunTime
_GetSessionCount
_GetSessionHook
_GetSessionHook2
_GetSettingFile
_GetSettingFull
_GetSettingInfo
_GetSettingXero
_GetStatusHook
_GetStatusName
_GetStatusNumber
_GetVIPHook
_GetVerAtom
_GetVerByte
_GetVerCode
_GetVerHook
_GetVerMajor
_GetVerMinor
_GetVerProc
_GetVerSave
_GetVerSet
_GetVerSys
_GetVerTemp
_GetVerText
_GetVerTime
_GetVerUser
_IsAutoMemory
_IsAutoPostOK
_IsCameraHook
_IsClientLogin
_IsClientType
_IsIconShow
_IsImageHook
_IsKillPlugin
_IsMsgApply
_IsMsgBuddy
_IsMsgGroup
_IsMsgSystem
_IsOffMessage
_IsPluginKill
_IsQQBuddy
_IsQQNumber
_IsQQOnline
_IsQQOpenBuddy
_IsQQOpenSession
_IsQQWindows
_IsServiceHook
_IsStatusHook
_IsStatusShow
_IsTextAfter
_IsUpdateTime
_IsVIPHook
_IsVersionHook
_IsWheelTop
_PostQQUserNumberAutoMessageText
_QueryBuddyCombineA
_QueryBuddyCombineW
_QueryBuddyGender
_QueryBuddyMailA
_QueryBuddyMailW
_QueryBuddyMainA
_QueryBuddyMainW
_QueryBuddyMarkA
_QueryBuddyMarkW
_QueryBuddyMobileA
_QueryBuddyMobileW
_QueryBuddyNameA
_QueryBuddyNameW
_QueryBuddyNickA
_QueryBuddyNickW
_QueryBuddySplit
_QueryBuddyVersion
_QueryBuddyWindows
_QueryGroupClassA
_QueryGroupClassW
_QueryGroupCode
_QueryGroupCombineA
_QueryGroupCombineW
_QueryGroupCreate
_QueryGroupNameA
_QueryGroupNameW
_QueryGroupNumb
_QueryGroupQQCombineA
_QueryGroupQQCombineW
_QueryGroupQQGenderA
_QueryGroupQQGenderW
_QueryGroupQQNameA
_QueryGroupQQNameW
_QueryGroupQQStatus
_QueryMessageTextA
_QueryMessageTextW
_QueryMessageTime
_QueryQQBuddyArrayCount
_QueryQQBuddyArrayErase
_QueryQQBuddyArrayInit
_QueryQQBuddyArraySize
_QueryQQBuddyArrayToBufferArray
_QueryQQBuddyArrayUnInit
_SetAtferStatus
_SetCameraHook
_SetCameraStatus
_SetFreeMemory
_SetFuckStatus
_SetHelpLoader
_SetIPAgent
_SetIPCacheFile
_SetIPLanMemory
_SetIPSettings
_SetIPTimeout
_SetIconHook
_SetIconHook2
_SetIconLoader
_SetIconStatus
_SetImageHook
_SetImageStatus
_SetKernelHook
_SetMarkHook
_SetMemoryStatus
_SetMsgHook
_SetPluginDisable
_SetPluginEnable
_SetPluginLoader
_SetPluginStatus
_SetServiceStatus
_SetSessionHook
_SetSessionHook2
_SetStatusHook
_SetStatusStatus
_SetTopStatus
_SetUnKernelHook
_SetUpdateStatus
_SetVIPHook
_SetVIPStatus
_SetVersionStatus
_SetWindowShow

Sections

Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQHook.ini
好友上线下线提醒插件.zip
.zip
QQStatus.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Loader

Sections

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQStatus.ini
Ѳʹ˵.txt
必看使用说明(QQFun).txt
新云软件.url
.url
聊天监视器组件.zip
.zip
IMRecord.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

IsPassword
IsPasswordEmpty
IsPasswordLength
QQFunViewRecord
ReadPassword
RemovePassword
WritePassword

Sections

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ʹ˵.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 40KB

Size: 20KB - Virtual size: 20KB

Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 24KB

Size: 4KB - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: - Virtual size: 272KB

Size: 196KB - Virtual size: 196KB

Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 88KB

Size: 26KB - Virtual size: 28KB

Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 40KB

Size: 13KB - Virtual size: 16KB

Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 20KB

Size: 5KB - Virtual size: 8KB

Size: 1024B - Virtual size: 4KB