826c67faf4238e36d648b3bb8ed50144_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

826c67faf4238e36d648b3bb8ed50144_JaffaCakes118
Size

412KB
MD5

826c67faf4238e36d648b3bb8ed50144
SHA1

c0f71a80ce16f3b56a6c83f18111e1ebbf02c52c
SHA256

551233bde95f89358d2bc887ee3074ce91197afae61fa01e24210c8ea64e49c9
SHA512

8330417a4c457f4c30ac9737ffcd269202e4717dc9b547cf06da84ba3f1d31047548ae4d86193ce43768f72d15d5373b1ef277a236c8857a4b8a13e63d57d6b1
SSDEEP

6144:pVDwzvyOSLUp+VRx41UirvLeHGwfmMKDseMhfjqhdvy1KuqYi0XVMM4sB91NMHa:pVDE9Sf3x4RwfrZ18C26J4sBHu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XueTr/XueTr.exe

Files

826c67faf4238e36d648b3bb8ed50144_JaffaCakes118
.rar
XueTr/XueTr.config
XueTr/XueTr.exe
.exe windows:4 windows x86 arch:x86

0efa5aff441740588adad57d13e7b3b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord1767
ord5276
ord4419
ord3592
ord795
ord324
ord2294
ord4229
ord4272
ord539
ord6003
ord6898
ord3993
ord6195
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord665
ord1971
ord6381
ord5180
ord354
ord2756
ord537
ord3365
ord2574
ord4396
ord3635
ord693
ord4238
ord3991
ord6896
ord5977
ord3281
ord3728
ord810
ord4266
ord6654
ord2755
ord4124
ord2567
ord4390
ord3569
ord609
ord2634
ord6640
ord6655
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord6048
ord815
ord561
ord804
ord6433
ord2613
ord1131
ord781
ord2579
ord4400
ord3389
ord3724
ord1143
ord2078
ord6777
ord1197
ord4155
ord2858
ord3605
ord656
ord6771
ord2403
ord2015
ord4213
ord2570
ord4392
ord6732
ord3393
ord686
ord6498
ord384
ord2400
ord3298
ord3282
ord6004
ord3995
ord6776
ord2857
ord2088
ord3909
ord6868
ord925
ord6879
ord6697
ord861
ord2362
ord6330
ord927
ord4273
ord922
ord2813
ord547
ord668
ord1972
ord3176
ord4053
ord2773
ord2762
ord356
ord6867
ord3332
ord3806
ord551
ord6865
ord6414
ord3703
ord3084
ord2859
ord941
ord4197
ord5438
ord3313
ord2506
ord4992
ord5261
ord3716
ord3397
ord3356
ord4704
ord4847
ord4370
ord538
ord355
ord2507
ord3494
ord5679
ord942
ord6688
ord940
ord3296
ord641
ord4219
ord2606
ord535
ord6919
ord2910
ord2810
ord6918
ord6920
ord6921
ord5286
ord6354
ord823
ord556
ord2631
ord2114
ord1088
ord3087
ord6871
ord6211
ord4294
ord858
ord1165
ord470
ord5871
ord6168
ord3871
ord1634
ord5785
ord2444
ord755
ord2406
ord3621
ord3614
ord3658
ord2371
ord3792
ord5273
ord4270
ord800
ord825
ord567
ord540
ord818
ord3737
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord3733
ord6051
ord1569

msvcrt

__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
strncmp
realloc
_initterm
tolower
sprintf
strncpy
wcsstr
fwprintf
fwrite
towupper
isprint
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
atoi
__CxxFrameHandler
free
wcstok
malloc
_except_handler3
_wcsicmp
_snwprintf
wcscpy
wcscat
wcsrchr
rand
wcslen
srand
fclose
wcscmp
sscanf
strstr
strchr
fgets
_wfopen
_purecall
wcsncmp
_wcsnicmp
swscanf
_wcsicoll
_wtoi
wcsncat
swprintf
wcsncpy
memmove
wcschr

kernel32

DeleteCriticalSection
GetVersion
InitializeCriticalSection
GetSystemDirectoryW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
VirtualProtect
ExpandEnvironmentStringsW
GetDriveTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
DuplicateHandle
OpenProcess
GlobalUnlock
MapViewOfFileEx
CreateFileMappingW
FlushFileBuffers
CreateEventW
ResetEvent
SetEvent
QueryDosDeviceW
GetLogicalDrives
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
IsBadReadPtr
ResumeThread
SuspendThread
LoadLibraryW
FreeLibrary
GetExitCodeThread
GetStartupInfoW
LocalAlloc
GlobalLock
CreateFileW
GetModuleFileNameW
WriteFile
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
GetWindowsDirectoryW
GetLastError
ReadFile
GetFileSize
GetLongPathNameW
Sleep
CreateThread
TerminateThread
WaitForSingleObject
GetProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
ExitProcess
GetUserDefaultLangID
DeviceIoControl
DefineDosDeviceW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
LockResource
LoadResource
UnmapViewOfFile
FindResourceW
SizeofResource

user32

DestroyIcon
GetFocus
UnhookWindowsHookEx
ScreenToClient
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
LoadIconW
GetParent
SetWindowPos
IsWindow
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
EnumWindows
LoadImageW
PostMessageW
ShowWindow
wsprintfW
CreatePopupMenu
AppendMenuW
EnableMenuItem
GetCursorPos
CloseClipboard
OpenClipboard
SetWindowLongW
SetCursor
InvalidateRect
GetClientRect
LoadCursorW
GetWindowRect
DestroyWindow
IsWindowVisible
EmptyClipboard
SetClipboardData
EnableWindow
SendMessageW

gdi32

CreateFontW

advapi32

OpenProcessToken
CloseServiceHandle
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
CreateServiceW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
ControlService
DeleteService
QueryServiceStatus
OpenSCManagerW
EnumServicesStatusW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
StrStrIW
ShellExecuteW
ShellExecuteExW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoInitializeEx
CoCreateInstance

shlwapi

PathFileExistsW

msvcp60

??0_Lockit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetOpenW
InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestW
HttpQueryInfoW
InternetConnectW

ws2_32

inet_ntoa
ntohs

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xuetr0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XueTr/readme.txt
XueTr/说明.txt

Sharing

General

Malware Config

Signatures

Files

0efa5aff441740588adad57d13e7b3b1

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

shlwapi

msvcp60

version

wininet

ws2_32

Sections

.text Size: 455KB - Virtual size: 455KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 155KB - Virtual size: 411KB

.rsrc Size: 700KB - Virtual size: 699KB

.xuetr0 Size: 17KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 455KB - Virtual size: 455KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 155KB - Virtual size: 411KB

.rsrc
Size: 700KB - Virtual size: 699KB

.xuetr0
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 24B