D:\学习\vc\复件 QQPhotoDown\Release\QQPhotoDown.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: xcplxiaz/photoV36.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: xcplxiaz/photoV36.exe
- Resource: win10v2004-20240802-en
General
- Target: a4b0ca2d28df982a761a0d2fc3907d7e_JaffaCakes118
- Size: 319KB
- MD5: a4b0ca2d28df982a761a0d2fc3907d7e
- SHA1: 854c0ad40072ca4983c941ebcf90dd9c739fbe49
- SHA256: 12390d55bc669fa4b211ae2f37d4c17934b1653cd9ca5ce423bbc7b06e7150f2
- SHA512: 868eb05fd383b1b894f60cd946c0eae8b513b7072cbe2e1784d6cf16f37cbdda653cd76f87097633198b0f75168c4413dc1305af662ec380bc0eed2e282b1746
- SSDEEP: 6144:/DznPc/RSP0xJ8wenCrb/6sozrpi3CQOmZtePNz/3dTBEQb3IswSGLR+zTQ:/vnPmq0xJ8wenCGc3CQO8ePNTNTIkSRD
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/xcplxiaz/photoV36.exe
Files
- a4b0ca2d28df982a761a0d2fc3907d7e_JaffaCakes118.rar
- xcplxiaz/photoV36.exe.exe windows:5 windows x86 arch:x86
  65ea608732fa4c3703abc54d3809c21b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
OpenEventA
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
HeapReAlloc
HeapSize
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetFileType
SetStdHandle
ExitProcess
RaiseException
RtlUnwind
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
VirtualProtect
GetOEMCP
GetCPInfo
FileTimeToSystemTime
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
GetAtomNameA
SetErrorMode
GlobalFlags
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
SetEvent
WaitForSingleObject
WritePrivateProfileStringA
InterlockedExchange
lstrcmpA
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
FindNextFileA
FindFirstFileA
FindClose
CompareStringA
LoadLibraryA
lstrcmpW
FreeLibrary
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
SetLastError
MulDiv
GlobalAlloc
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetModuleFileNameA
GetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
InterlockedDecrement
CreateDirectoryA
FormatMessageA
GetProcessHeap
HeapAlloc
WideCharToMultiByte
CreateThread
WaitForMultipleObjects
GetVersionExA
GetCurrentDirectoryA
lstrlenA
DeleteFileA
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
user32
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
TabbedTextOutA
RegisterWindowMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SendDlgItemMessageA
GetSysColor
PeekMessageA
DispatchMessageA
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpA
TrackPopupMenu
GetKeyState
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetFocus
LoadIconA
LoadCursorA
PostThreadMessageA
MapDialogRect
SetWindowContextHelpId
GetForegroundWindow
SetForegroundWindow
SetMenuItemBitmaps
GetParent
IsChild
GetLastActivePopup
GetWindow
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
GetFocus
SetCapture
GetCapture
KillTimer
SetTimer
ShowOwnedPopups
IsWindowVisible
ValidateRect
InvalidateRgn
InvalidateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
MapWindowPoints
GetClientRect
BringWindowToTop
IsIconic
GetSystemMenu
DrawIcon
PostMessageA
SendMessageA
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
AppendMenuA
GetMenuItemID
EndDialog
GetDesktopWindow
GetActiveWindow
LoadBitmapA
GetMenuCheckMarkDimensions
CharNextA
CharUpperA
PostQuitMessage
TranslateMessage
GetMessageA
SetActiveWindow
IsWindow
GetCursorPos
SetCursor
GetWindowThreadProcessId
GetSysColorBrush
FillRect
DrawTextA
GetWindowRect
LoadMenuA
SetMenu
InflateRect
SetRect
PtInRect
GetSystemMetrics
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
EnableWindow
DrawTextExA
GrayStringA
CreatePopupMenu
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
InsertMenuItemA
ModifyMenuA
DestroyMenu
GetClipboardFormatNameA
UnpackDDElParam
SetRectEmpty
ReleaseCapture
CopyAcceleratorTableA
LoadAcceleratorsA
MessageBeep
TranslateAcceleratorA
ReuseDDElParam
UnregisterClassA
RegisterClipboardFormatA
IsRectEmpty
gdi32
CreatePatternBrush
CreateFontIndirectA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetRgnBox
CreateCompatibleDC
SelectObject
GetBkColor
GetTextColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
BitBlt
GetPixel
TextOutA
GetTextExtentPoint32A
Escape
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateSolidBrush
GetObjectType
GetStockObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetDeviceCaps
ExtSelectClipRgn
DeleteObject
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RevertToSelf
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
SetThreadToken
OpenThreadToken
shell32
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
DragFinish
ShellExecuteA
comctl32
InitCommonControlsEx
shlwapi
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathIsUNCA
oledlg
ord8
ole32
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StringFromCLSID
OleInitialize
OleUninitialize
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoRegisterMessageFilter
OleIsCurrentClipboard
oleaut32
SystemTimeToVariantTime
SysAllocStringLen
SysAllocString
VariantClear
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
GetErrorInfo
VariantTimeToSystemTime
SysFreeString
urlmon
URLDownloadToFileA
wininet
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntry
Sections
.text Size: 722KB - Virtual size: 721KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- xcplxiaz/说明(必读).txt