c120768912ae565038c1223875dceaf0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c120768912ae565038c1223875dceaf0_JaffaCakes118
Size

550KB
MD5

c120768912ae565038c1223875dceaf0
SHA1

f79bf540cc76f3c98784f2db5998ee94574ca168
SHA256

be84328602a8803343666597b1b8b1a6c15b91b7e2d8afafe00cfb336f9fb834
SHA512

7181e21229619c542cb84d2336257f502745a98841c069f82cbf690ac5fd354b3f6a035dfe8b90d500e24954e374b341d84614984f50c35e8f6ce1240f44abe9
SSDEEP

12288:U1jEAFapw0Y4owZEOYYpMOI1/rOQp8IJKhuLcYCL:UFEAFMwF8ZEOYYC1/r1jLcYA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360安全卫士诊断工具.exe
unpack001/check.dll

Files

c120768912ae565038c1223875dceaf0_JaffaCakes118
.rar
360安全卫士诊断工具.exe
.exe windows:4 windows x86 arch:x86

5ee44bada259e7eab4dea9073fd35c88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf
_chkstk
mbstowcs
memmove
RtlUnwind
strncmp
NtQueryVirtualMemory
_stricmp
sprintf

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord6375
ord561
ord815
ord781
ord2621
ord6438
ord1205
ord1134
ord6055
ord1776
ord5290
ord3402
ord3708
ord1146
ord1168
ord567
ord2302
ord4224
ord6199
ord3874
ord4160
ord2863
ord2379
ord755
ord470
ord6134
ord922
ord3499
ord2515
ord355
ord4274
ord4673
ord4441
ord4710
ord4234
ord641
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord6663
ord6648
ord537
ord924
ord6877
ord2818
ord941
ord939
ord540
ord860
ord535
ord858
ord800
ord823
ord825
ord3738
ord1576

msvcrt

setlocale
malloc
free
__dllonexit
_beginthread
_onexit
_exit
_XcptFilter
exit
__CxxFrameHandler
_acmdln
__getmainargs
_initterm
__setusermatherr
__p__commode
_adjust_fdiv
__p__fmode
__set_app_type
_mbsrchr
_setmbcp
_controlfp

kernel32

GetLastError
CreateThread
WaitForMultipleObjects
TerminateThread
ReadFile
CreateFileA
GetFileSize
FindFirstFileA
FindClose
WaitForSingleObject
Module32Next
Module32First
CreateProcessA
CreateToolhelp32Snapshot
Process32First
CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
GetFileAttributesA
GetVersionExA
VirtualFree
VirtualAlloc
WriteFile
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileAttributesExA
LoadLibraryW
LocalFree
LocalAlloc
CreateFileW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceA
WritePrivateProfileStringA
GetTempFileNameA
GetModuleHandleA
GetStartupInfoA
GetTempPathA
Process32Next
GetTickCount

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetWindowTextA
GetDlgItem
LoadIconA
EnableWindow
PostMessageA
SendMessageA

advapi32

CloseServiceHandle
OpenServiceA
QueryServiceStatus
OpenSCManagerA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

urlmon

URLDownloadToFileA

msvcp60

?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathAppendA
wnsprintfA
SHGetValueA
StrStrIA
PathFileExistsA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LibDefa.dat
LibRun.dat
LibSrv.dat
LibTask.dat
Libclsid.dat
check.dll
.dll windows:4 windows x86 arch:x86

95ba0b2328adee09b8d5877cdfcbac2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
CopyFileA
CreateProcessA
DebugBreak
OutputDebugStringA
InterlockedIncrement
GetFileTime
OpenFile
GetEnvironmentVariableA
LoadLibraryA
MultiByteToWideChar
WaitForSingleObject
WriteFile
SetFilePointer
CreateFileA
WideCharToMultiByte
lstrlenW
FreeLibrary
GetTickCount
GetSystemTime
GlobalMemoryStatus
GetPrivateProfileStringA
RemoveDirectoryA
ReadFile
GetFileSize
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ReadProcessMemory
UnmapViewOfFile
GetACP
MapViewOfFile
CreateFileMappingA
FlushFileBuffers
LoadLibraryW
CreateFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetProcessHeap
lstrcpynA
SetFileAttributesA
DeleteFileA
MoveFileExA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CreateDirectoryA
SearchPathA
LocalFree
GetTempPathA
ExpandEnvironmentStringsA
VirtualQuery
GetModuleFileNameA
GetCurrentDirectoryA
GetLongPathNameA
GetShortPathNameA
FindFirstFileA
FindClose
GetFileAttributesA
GetVersionExA
lstrlenA
InterlockedDecrement
GetWindowsDirectoryA
GetSystemDirectoryA
GetLastError
LocalAlloc
FindNextFileA

user32

DestroyIcon
CharLowerA
wsprintfA
wvsprintfA
CharNextA
LoadStringA
SendMessageA
IsWindow
DispatchMessageA
TranslateMessage
PeekMessageA

advapi32

CloseServiceHandle
GetExplicitEntriesFromAclA
DeleteAce
LookupAccountSidA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegEnumValueA
RegOpenKeyExA
EnumServicesStatusA
OpenSCManagerA
GetTokenInformation
ControlService
QueryServiceStatus
OpenServiceA
DeleteService
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoGetMalloc
CoInitialize
CoCreateInstance
CoUninitialize
StringFromCLSID

shlwapi

SHGetValueA
SHEnumValueA
StrStrIA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
PathFindFileNameA
PathFindExtensionA
StrCmpNIA
UrlGetPartA

msvcrt

_open
free
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
vsprintf
strtok
_ismbcspace
strncmp
_mbsicmp
_strdup
strncat
_strlwr
_mbsnbcmp
isalnum
fputs
_mbsstr
memmove
time
ctime
localtime
_mbscmp
strcmp
sprintf
_wcsicmp
_except_handler3
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
atol
_stricmp
_read
_close
_lseek
_tell
_mbschr
memcmp
atoi
_ismbcdigit
wcslen
memset
_snprintf
strcpy
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
strrchr
strchr
strlen
strncpy
strstr
strcat
_mbsnbcpy
malloc

ws2_32

htons
WSCEnumProtocols
WSACleanup
htonl
WSAStartup
WSCGetProviderPath

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
HttpSendRequestA
InternetOpenA
InternetReadFile

Exports

Exports

ADDebug
EngCount
EngDelete
EngDisable
EngEnable
EngGetGroup
EngGetNext
EngGetReport
EngGetUrlHistory
EngInit
EngLib_Init
EngLoad
EngPost
EngRemove
EngSetLoadDisabled

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libdll.dat
libdrv.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

5ee44bada259e7eab4dea9073fd35c88

Headers

File Characteristics

Imports

ntdll

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

urlmon

msvcp60

version

shlwapi

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.sxdata Size: 4KB - Virtual size: 4B

.rsrc Size: 164KB - Virtual size: 163KB

95ba0b2328adee09b8d5877cdfcbac2a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcrt

ws2_32

psapi

version

wininet

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 48KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 164KB - Virtual size: 163KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 48KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB