a6233decc5c8462b02e1413dbf9c164f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6233decc5c8462b02e1413dbf9c164f_JaffaCakes118
Size

124KB
MD5

a6233decc5c8462b02e1413dbf9c164f
SHA1

7fb681a02c83784f4ff6f0e82280656489c9970d
SHA256

b7d39aa55603f28a3ba70e1e31dd9555ed44c0bcb98f198c13af803551810e4b
SHA512

8458a828f9a6693c7295ff1dad485e1e18e6446d2009934d483c0fdcaa60304e8b07266164bd868652994259445b0344aa5f96dfbda6baee9668bcb056f327da
SSDEEP

3072:AH6r52eAK0CvxmOZkWVtLDaQcEWSMt89XH:AaUeAK0dVu1DvcpSMC93

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQlock_Demo.exe
unpack001/qqlock.dll

Files

a6233decc5c8462b02e1413dbf9c164f_JaffaCakes118
.rar
QQlock_Demo.exe
.exe windows:4 windows x86 arch:x86

fb46afcfeb04947fc869e8a764cd5491

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qqlock

?InstallHook@@YG_N_N@Z

kernel32

GetCommandLineA
HeapAlloc
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
HeapFree
HeapReAlloc
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapSize
SetHandleCount
GetStdHandle
GetACP
GetEnvironmentStringsW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
InitializeCriticalSection
LeaveCriticalSection
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
WritePrivateProfileStringA
TlsGetValue
GetCPInfo
GetProcessVersion
GlobalReAlloc
LocalReAlloc
TlsSetValue
TlsAlloc
TlsFree
GlobalHandle
GlobalFlags
LocalAlloc
SizeofResource
SetErrorMode
GetFileTime
EnterCriticalSection
GetFileSize
GetFileAttributesA
DeleteCriticalSection
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryA
ExitProcess
CreateFileMappingA
MapViewOfFile
GetWindowsDirectoryA
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
CloseHandle
GetModuleFileNameA
GetLastError
FormatMessageA
LocalFree
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
MulDiv
SetLastError
GetProfileStringA
GlobalAlloc
GetCurrentThread
lstrcmpA
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
lstrcmpiA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetFileType
HeapDestroy

user32

InflateRect
MessageBeep
InvalidateRect
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetDC
ReleaseDC
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
SetRect
GetNextDlgGroupItem
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
CopyAcceleratorTableA
CharNextA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
CharUpperA
wsprintfA
LoadStringA
IsIconic
GetSystemMetrics
DrawIcon
LoadIconA
GetSystemMenu
AppendMenuA
MessageBoxA
RegisterHotKey
GetClientRect
LoadBitmapA
GetWindowRect
SetActiveWindow
GetParent
KillTimer
EnableWindow
SetTimer
GetWindowThreadProcessId
SendMessageA
GetWindowTextA
GetClassNameA
FindWindowA
EnumChildWindows
IsWindowVisible
MoveWindow
HideCaret
ShowCaret
UnregisterClassA
DrawFocusRect
DefDlgProcA
ExcludeUpdateRgn
IsWindowUnicode

gdi32

CreateDIBitmap
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreateCompatibleDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
BitBlt
GetTextExtentPointA
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetMapMode
SetViewportOrgEx
SetBkMode
GetStockObject
SelectObject
SaveDC
RestoreDC
PatBlt
DeleteDC
GetObjectA
SetBkColor
CreateBitmap
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Create
ord17
ImageList_Destroy

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
CoTaskMemFree

olepro32

ord253

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantChangeType
SysAllocString
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqlock.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e50bdad09b723a63cad98af9d0009159

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

FreeLibrary
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleHandleA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
WritePrivateProfileStringA
HeapFree
ExitProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
SetHandleCount
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
HeapAlloc
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
GetWindowsDirectoryA
OpenFileMappingA
MapViewOfFile
GetCurrentProcess
TerminateProcess
GlobalAlloc
GlobalLock
GetModuleFileNameA
GetLastError
FormatMessageA
GlobalFlags
GetFileAttributesA
GetFileTime
GetFileSize
lstrcatA
SetLastError
GetVersion
LocalReAlloc
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
DeleteCriticalSection
GlobalUnlock
GlobalFree
GetEnvironmentStrings
LocalAlloc
TlsAlloc
LocalFree
InitializeCriticalSection
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
GetFullPathNameA
FindFirstFileA
lstrcpynA
GetVolumeInformationA
LoadLibraryA
FindClose
lstrcpyA
GetProcAddress
LockFile
SetEndOfFile
UnlockFile
SetFilePointer
CloseHandle
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
WideCharToMultiByte
DuplicateHandle
MultiByteToWideChar
GetEnvironmentStringsW
lstrlenA
HeapDestroy
GetStdHandle
GetStartupInfoA

user32

RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
GetMessagePos
GetMessageTime
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
CopyRect
GetForegroundWindow
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
SetWindowTextA
ClientToScreen
GetDlgCtrlID
PtInRect
UnregisterClassA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
LoadStringA
RegisterWindowMessageA
SetWindowLongA
SetForegroundWindow
GetDlgItem
CallWindowProcA
IsWindow
GetClassNameA
GetWindowLongA
EnumChildWindows
GetWindowRect
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
CheckMenuItem
EnableMenuItem
GetWindow

gdi32

DeleteObject
SaveDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetObjectA
DeleteDC
CreateBitmap
RestoreDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

Exports

Exports

?InstallHook@@YG_N_N@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qqlockhelp.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

fb46afcfeb04947fc869e8a764cd5491

Headers

File Characteristics

Imports

qqlock

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 13KB

e50bdad09b723a63cad98af9d0009159

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 13KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 11KB