d:\QQLive_dailyBuild\src\symbol\QQLive.pdb
Static task
static1
Behavioral task
behavioral1
Sample
95a4876430e684064b4888f34516cf64_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
95a4876430e684064b4888f34516cf64_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
95a4876430e684064b4888f34516cf64_JaffaCakes118
-
Size
660KB
-
MD5
95a4876430e684064b4888f34516cf64
-
SHA1
4927c17c6523c92b842c786dbd1389edf3e81b84
-
SHA256
3beebb333b1da3d58b7bc24b394212b444268a0c54812946f02bd1c03356bb5a
-
SHA512
e6a6fc9f911a7c711ba9075e44d37c72224815a996d28aba42448bd216468cd41496eb0c40fd84cf5f278d55380cdee17fd7904940792ea83a47793858957bae
-
SSDEEP
12288:gokwCb/PxWWgzA4ZlXrI6iw/mWTuIO8jVHVHn:YwCb/vgzPZllpTuI9VHVHn
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 95a4876430e684064b4888f34516cf64_JaffaCakes118
Files
-
95a4876430e684064b4888f34516cf64_JaffaCakes118.exe windows:4 windows x86 arch:x86
95f45dc9ad423da53c9f192c9c6d460f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
chatskin
?TransparentBlt2@@YAXPAUHDC__@@HHHH0HHHHI@Z
?GetSkinColor@@YAKPB_WH@Z
?SetSkinVar@@YAHPB_W0@Z
?SetSkinColorScheme@@YAXHH@Z
?GetDrawMsg@CSkinBase@@SAIXZ
?GetSkinColorScheme@@YAXAAH0@Z
?SetSkin@CSkinBase@@QAEJPB_W0@Z
?GetOwnerRenderMsg@CSkinBase@@SAIXZ
?LoadSkinFromFile@@YAHPB_W00@Z
?HookColorSchemeChange@@YAHPAUHWND__@@H@Z
?GetColorSchemeChangeMsg@CSkinBase@@SAIXZ
?CreateSkinControl@@YAPAUHWND__@@PB_WPAU1@H@Z
?GetLockSizeMsg@CSkinBase@@SAIXZ
?GetSkinFont@@YAPAUHFONT__@@PB_W@Z
?SetWndSkin@@YAHPB_WPAUHWND__@@H@Z
?GetPicEx@@YAHPB_WAAPAUHBITMAP__@@AAUtagPOINT@@AAUtagSIZE@@H@Z
?RenderRichText@@YAHPB_WPAUHDC__@@ABUtagRECT@@HPAUHWND__@@PAUHFONT__@@H@Z
chatutlt
?FormUrlEncode@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?NavigateURL@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?KillOtherQQLivePlayerApp@@YAHPB_W@Z
?RegistLocalInfo@@YAHXZ
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUHINSTANCE__@@@Z
?MinimizeMemory@@YAXXZ
?IsWinXPOrLater@@YAHXZ
?GetKeyValue@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0AAV12@@Z
chatproxy
?CreateProxyTCPSocket@CProxyTool@@QAEHAAIPB_WGAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?MakeUdpProxySendBuf@CProxyTool@@QAEHPAEH0AAHKG@Z
?CreateSocks5ProxyUDPSocket@CProxyTool@@QAEHAAI0AAUsockaddr_in@@PB_WG222GAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1CProxyTool@@UAE@XZ
??0CProxyTool@@QAE@XZ
?GetUserProxySetting@CProxyTool@@QAEHAAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAG11@Z
chatlog
?CheckDirectoryExist@@YAHPB_W@Z
?GetUserAppDataPath2@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetUserGuid@@YAXPADAAH@Z
?StrToAddr@@YAHAAUsockaddr_in@@PB_WF@Z
?CreateAllDirectory@@YAHPB_W@Z
?DOLOG@@YAXPB_WZZ
?CheckFileExist@@YAHPB_W@Z
?ReportThirdPart@@YAXPB_W@Z
exceptcatch
?SetExceptionCatcher@@YAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
xmlparser
?OutOfElem@CMarkup@@QAE_NXZ
?GetTagName@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?SetDoc@CMarkup@@QAE_NPB_W@Z
?IntoElem@CMarkup@@QAE_NXZ
?FindElem@CMarkup@@QAE_NPB_W@Z
??0CMarkup@@QAE@XZ
??1CMarkup@@UAE@XZ
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
mfc80u
ord587
ord3198
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord421
ord655
ord380
ord5489
ord2697
ord4256
ord2696
ord5199
ord1392
ord5908
ord3195
ord6720
ord1542
ord1661
ord1662
ord2011
ord266
ord2369
ord4884
ord4729
ord4206
ord3990
ord5178
ord776
ord1182
ord1178
ord3435
ord354
ord605
ord5105
ord5283
ord762
ord1908
ord3635
ord2797
ord1434
ord4574
ord1707
ord265
ord1021
ord1472
ord2651
ord5829
ord1883
ord3155
ord4109
ord6749
ord6140
ord4098
ord2361
ord3869
ord502
ord6700
ord282
ord3281
ord2860
ord4232
ord3873
ord1479
ord2364
ord5862
ord4026
ord2121
ord5637
ord5869
ord3483
ord1079
ord1274
ord6751
ord1271
ord2155
ord2656
ord5803
ord1785
ord3157
ord6063
ord4314
ord2648
ord5727
ord3590
ord2366
ord6279
ord5609
ord6232
ord5558
ord2261
ord1866
ord1772
ord1784
ord5965
ord777
ord4100
ord2260
ord2444
ord578
ord304
ord1416
ord3417
ord3756
ord2362
ord5867
ord314
ord1067
ord1220
ord2460
ord5398
ord5524
ord2788
ord4882
ord620
ord3189
ord6116
ord3296
ord3208
ord4230
ord1549
ord1628
ord1058
ord3395
ord4117
ord2081
ord3995
ord347
ord602
ord1270
ord642
ord5633
ord1007
ord566
ord3800
ord757
ord1139
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord1121
ord6272
ord4008
ord4032
ord2239
ord1096
ord3824
ord1049
ord334
ord593
ord5113
ord3327
ord4475
ord2832
ord5562
ord5209
ord5971
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord4535
ord1911
ord3677
ord3826
ord5378
ord6215
ord1123
ord5096
ord384
ord629
ord4238
ord317
ord584
ord5320
ord416
ord651
ord386
ord631
ord2271
ord2279
ord3925
ord3176
ord2749
ord2365
ord6277
ord3752
ord2086
ord1582
ord4234
ord3311
ord4743
ord1386
ord741
ord4112
ord6276
ord3983
ord6278
ord290
ord567
ord758
ord6033
ord2254
ord4093
ord2082
ord657
ord3223
ord4231
ord1561
ord1475
ord1924
ord3400
ord6262
ord1388
ord2083
ord2952
ord658
ord563
ord753
ord6251
ord3645
ord2225
ord1006
ord1921
ord1555
ord4101
ord3396
ord3224
ord2867
ord2876
ord326
ord5636
ord330
ord589
ord3424
ord3165
ord591
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord2340
ord6282
ord1086
ord1172
ord5316
ord3497
ord6293
ord1946
ord5327
ord4094
ord2085
ord3238
ord564
ord755
ord6003
ord1571
ord1959
ord3249
ord2070
ord370
ord618
ord6219
ord287
ord1430
ord6284
ord2893
ord5319
ord1535
ord1481
ord5360
ord4807
ord5660
ord4283
ord4242
ord3154
ord922
ord1427
ord5358
ord5645
ord4739
ord4160
ord1485
ord5361
ord5661
ord322
ord586
ord4770
ord4581
ord4172
ord3471
ord4165
ord4974
ord4383
ord410
ord4775
ord648
ord4198
ord4784
ord4437
ord4438
ord3734
ord3644
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4281
ord4362
ord4495
ord4840
ord4964
ord2560
ord4523
ord4474
ord4965
ord4358
ord4510
ord4667
ord4267
ord4194
ord2711
ord4942
ord1553
ord4788
ord4123
ord5162
ord4370
ord4292
ord1351
ord4371
ord3338
ord4957
ord2414
ord4790
ord4704
ord4799
ord2413
ord5047
ord4958
ord4643
ord2415
ord4940
ord4501
ord4955
ord2412
ord4668
ord4125
ord1293
ord2411
ord1999
ord4126
ord5202
ord5147
ord1610
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord1087
ord1162
ord1200
ord581
ord909
ord1646
ord1590
ord3331
ord5196
ord2531
ord2725
ord1536
ord2829
ord6721
ord4301
ord5911
ord2708
ord1611
ord2856
ord1156
ord283
ord1608
ord2534
ord3204
ord2077
ord3940
ord2640
ord1393
ord2527
ord4226
ord2985
ord5148
ord3712
ord1899
ord3713
ord5067
ord3703
ord1925
ord577
ord4179
ord2638
ord5210
ord3943
ord4480
ord293
ord4255
ord745
ord2311
ord557
ord760
ord1176
ord572
ord3397
ord4716
ord3158
ord4276
ord1118
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord280
ord929
ord6271
ord5711
ord2255
ord927
ord931
ord2384
ord1894
ord6002
ord896
ord2404
ord5638
ord2388
ord774
ord1719
ord2394
ord899
ord2392
ord2390
ord2407
ord900
ord2402
ord2386
ord709
ord2409
ord501
ord4074
ord2397
ord2379
ord2381
ord4347
ord2399
ord2169
ord2163
ord6086
ord1513
ord3678
ord6273
ord3796
ord4119
ord6275
ord6061
ord764
ord315
ord765
ord1198
ord5083
msvcr80
??0exception@std@@QAE@ABV01@@Z
_wtoi
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
calloc
_recalloc
wcsncpy_s
_purecall
memcpy_s
malloc
_resetstkoflw
realloc
free
memset
_ultoa
_CxxThrowException
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
wcsncmp
memmove_s
??0exception@std@@QAE@XZ
wcstoul
towlower
_time64
fopen_s
fwrite
_beginthreadex
fclose
wcscat_s
wcscpy_s
__RTDynamicCast
vswprintf_s
wcstol
swprintf_s
isdigit
_wcsicmp
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memcpy
kernel32
GetModuleHandleW
LoadResource
SizeofResource
lstrlenW
LeaveCriticalSection
lstrcmpiW
GetFileAttributesW
GetModuleFileNameW
RaiseException
LocalFree
FindResourceW
LoadLibraryW
GetVersion
FreeLibrary
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
GetLastError
InterlockedIncrement
lstrlenA
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
DeleteCriticalSection
GetPrivateProfileIntW
SetLastError
DeleteFileW
GetTickCount
CreateProcessW
WaitForSingleObject
SetFileAttributesW
CopyFileW
WideCharToMultiByte
GetPrivateProfileStringW
TerminateThread
ResetEvent
CreateEventW
CloseHandle
SetEvent
Sleep
GlobalAddAtomW
GlobalAlloc
GlobalLock
GetProcAddress
GlobalUnlock
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
GetProcessHeap
QueryPerformanceCounter
InitializeCriticalSection
LockResource
GetCurrentThreadId
user32
SendMessageTimeoutW
GetDesktopWindow
LoadIconW
SetWindowRgn
ShowWindow
RemovePropW
GetWindow
GetSysColor
CheckMenuItem
GetSystemMenu
UnregisterHotKey
AppendMenuW
UnregisterClassA
IsWindowVisible
LoadCursorW
SetCursor
GetClientRect
InvalidateRect
GetCursorPos
GetWindowRect
EnableWindow
PtInRect
SetForegroundWindow
ShowOwnedPopups
IsIconic
RegisterHotKey
DrawIcon
IsZoomed
MoveWindow
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
OffsetRect
GetTopWindow
GetClassNameW
EnableMenuItem
SystemParametersInfoW
SetFocus
GetMenuItemInfoW
GetCapture
ClipCursor
SetCapture
ReleaseCapture
RedrawWindow
KillTimer
SetTimer
SetWindowLongW
InflateRect
GetWindowLongW
IsWindow
GetSystemMetrics
CharNextW
SetPropW
PostMessageW
DestroyIcon
IsMenu
DrawIconEx
ScreenToClient
LoadImageW
SendMessageW
CreatePopupMenu
IsCharAlphaW
GetParent
GetPropW
SetParent
CopyRect
ReleaseDC
GetDC
GetFocus
TranslateMessage
RegisterWindowMessageW
GetMessageW
MessageBoxW
DispatchMessageW
FlashWindow
GetForegroundWindow
gdi32
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
CombineRgn
CreateRectRgn
OffsetRgn
BitBlt
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
CreateFontW
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
Ellipse
advapi32
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
shell32
Shell_NotifyIconW
ShellExecuteW
comctl32
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ole32
CoRevokeClassObject
StringFromCLSID
CoCreateInstance
CoRegisterClassObject
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoLoadLibrary
CoTaskMemFree
StringFromGUID2
oleaut32
SafeArrayGetVartype
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SysAllocStringByteLen
VariantChangeType
VariantCopy
UnRegisterTypeLi
RegisterTypeLi
VarBstrCmp
DispCallFunc
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantClear
SafeArrayDestroy
GetErrorInfo
urlmon
URLDownloadToCacheFileW
gdiplus
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipLoadImageFromFile
GdipDrawImageRectI
GdipCreateFromHDC
GdipAlloc
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
msvcp80
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
wininet
InternetCrackUrlW
ws2_32
gethostbyname
WSACleanup
sendto
send
setsockopt
inet_ntoa
closesocket
WSAGetLastError
socket
WSAStartup
ntohs
connect
htons
htonl
Sections
.text Size: 404KB - Virtual size: 400KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ