b1542d12249fc1f1a9f4ea183afc519b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1542d12249fc1f1a9f4ea183afc519b_JaffaCakes118
Size

570KB
MD5

b1542d12249fc1f1a9f4ea183afc519b
SHA1

19c0d925f8f76c0df3b4ef73ebf5928c49d6b6f3
SHA256

aecd76284aa45fad129b9142fdfb6a05066c33611aca200d5b184a22235ce0a4
SHA512

85968fdb531802f0996f0cb932e10a0796a2dbc4af7bab47b91b498a078a7770a694e6802a291144d829cacbee5990d8781369d482e6329d0a8fd7542153c092
SSDEEP

12288:wakl00Wk6TMBnTkfAPeCxRWeuTtG3gZtKoM2rFpAR6z1K:pklr4cYWOeEtG8tqgF86hK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/净坛使者.com

Files

b1542d12249fc1f1a9f4ea183afc519b_JaffaCakes118
.rar
MSFLXGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

e87e749ebc55d5130c2bb4db48b707d0

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetStringTypeA
GetStringTypeW
GlobalFree
LCMapStringA
LCMapStringW
GlobalLock
GlobalSize
GetVersionExA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
HeapReAlloc
GetModuleFileNameA
InterlockedDecrement
MultiByteToWideChar
GetProfileStringA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
lstrcpynA
InterlockedIncrement
GlobalUnlock
GlobalAlloc
lstrcmpA
HeapAlloc
lstrcatA
HeapFree
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
MulDiv
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
IsDBCSLeadByte
InterlockedExchange

user32

SendMessageA
GetDlgItemInt
RegisterWindowMessageA
PeekMessageA
IsDlgButtonChecked
DrawTextExA
GetFocus
GetSysColor
GetSystemMetrics
PostMessageW
PostMessageA
SetWindowLongA
CheckDlgButton
LoadStringA
SendDlgItemMessageA
InvalidateRect
GetActiveWindow
DialogBoxParamA
EndDialog
GetDlgItemTextA
GetWindowRect
MoveWindow
SetDlgItemTextA
PeekMessageW
GetClipboardFormatNameA
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
GetParent
ClientToScreen
GetWindow
BeginPaint
GetDlgItem
wsprintfA
DestroyWindow
CreateWindowExA
FillRect
GetWindowLongA
SetFocus
DrawTextA
SetDlgItemInt
SetWindowPos
ReleaseCapture
KillTimer
DrawFocusRect
SetTimer
SetCapture
SetCursor
GetKeyState
DefWindowProcA
EnableWindow
GetCursorPos
ScreenToClient
PtInRect
DrawEdge
FrameRect
InflateRect
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
CharNextA
SetRect
UpdateWindow
IsWindow
GetScrollRange
ScrollWindow
OffsetRect
SetScrollRange
GetClientRect
SetScrollPos
IsWindowVisible
SetParent
MessageBoxA
MessageBeep
EndPaint

ole32

CreateOleAdviseHolder
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoCreateInstance
OleLoadFromStream
OleSaveToStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
VariantClear
SysAllocString
GetErrorInfo
SysAllocStringLen
SysStringLen
VariantInit
VariantChangeType
OleCreatePictureIndirect
SysFreeString
OleTranslateColor
SafeArrayRedim
OleCreateFontIndirect

gdi32

SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetWindowOrgEx
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
SelectPalette
RealizePalette
GetDIBits
GetPaletteEntries
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
CreatePen
DeleteObject
CreateSolidBrush
SelectObject
GetObjectA
DeleteDC
StretchBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
RestoreDC
ExcludeClipRect
SaveDC
LineTo
MoveToEx
SetTextColor
SetBkMode
GetCurrentPositionEx
SetViewportExtEx
SetWindowExtEx
DPtoLP
SetMapMode
GetTextColor
CreateBitmap
EnumFontFamiliesExA
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
help.chm
.chm
下载说明.htm
.html .js polyglot
净坛使者.com
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

JTSZ
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JTSZ
Size: 168KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
控件外挂.ini
说明.txt

Sharing

General

Malware Config

Signatures

Files

e87e749ebc55d5130c2bb4db48b707d0

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

JTSZ Size: - Virtual size: 588KB

JTSZ Size: 168KB - Virtual size: 172KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 16KB - Virtual size: 16KB

JTSZ
Size: - Virtual size: 588KB

JTSZ
Size: 168KB - Virtual size: 172KB

.rsrc
Size: 2KB - Virtual size: 4KB