d09334fef574e6b1526243134f50d097_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d09334fef574e6b1526243134f50d097_JaffaCakes118
Size

2.9MB
MD5

d09334fef574e6b1526243134f50d097
SHA1

c70bfbb5caea90876c856f8dcdd5d5a26b90b18d
SHA256

b8b4651f71feaaa5ea15b8310d5ab64c0d5e8f22b2355df6ff9173347ad41ba2
SHA512

ae50c0028c6d5e856504be2b40a2948a4006a5fa80b7b789a5c0418b1c930ef42d08690b31d131675bdfd048e6451c31c04e95295111d0fc4d524f124adb3dba
SSDEEP

49152:PHh7Z80fV0NW8uDmJC/EZTLlgM9OeM172/80Y1GhYYKAS5ASm:Pdy0fuduDmJzJLlgME9sJYYKAS5ASm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d09334fef574e6b1526243134f50d097_JaffaCakes118

Files

d09334fef574e6b1526243134f50d097_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cefebe4f89d5069fed97c899a55e299c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\吴玲玉\代码文件\微端制作\蓝月传奇\Release\lay.pdb

Imports

kernel32

OpenEventA
IsProcessorFeaturePresent
FileTimeToLocalFileTime
CreateFileMappingA
SetEnvironmentVariableA
GetProcessHeap
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
HeapReAlloc
HeapSize
HeapAlloc
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetModuleFileNameA
RtlUnwind
IsBadReadPtr
HeapValidate
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetFileTime
GetFileSizeEx
VirtualProtect
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
GetThreadLocale
LocalAlloc
GetAtomNameW
CompareStringA
InterlockedExchange
lstrcmpA
GetCurrentThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringW
InterlockedCompareExchange
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
GlobalFree
GetModuleHandleA
GetCurrentProcessId
ResumeThread
GetCurrentThreadId
WaitForMultipleObjects
ExitThread
CreateSemaphoreW
ReleaseSemaphore
SetEvent
LocalFree
DeleteCriticalSection
lstrcmpiW
RaiseException
lstrcmpW
MulDiv
FormatMessageW
InitializeCriticalSection
LoadLibraryExW
GetShortPathNameW
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFile
GetFileSize
FreeResource
WriteProcessMemory
IsWow64Process
VirtualAllocEx
GlobalUnlock
TerminateProcess
GetVersionExW
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
ResetEvent
lstrlenW
GetModuleHandleW
CreateThread
SetFileAttributesW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetFileAttributesW
OpenProcess
WaitForSingleObject
FindFirstFileW
GetProcAddress
GetTickCount
FindResourceW
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
EnterCriticalSection
SetLastError
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
WideCharToMultiByte
DeleteFileW
CloseHandle
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
CopyFileW
Sleep
LoadLibraryW
WriteFile
GetPrivateProfileStringW
CreateDirectoryW
SetUnhandledExceptionFilter
FreeLibrary
CreateMutexW
GetCommandLineW
ExitProcess
LockResource
SizeofResource
LoadResource
LoadLibraryA

user32

WindowFromPoint
SetParent
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
GetCapture
KillTimer
ShowOwnedPopups
ValidateRect
UpdateWindow
MapWindowPoints
BringWindowToTop
SetWindowRgn
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
MapDialogRect
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSysColorBrush
GetWindowDC
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuCheckMarkDimensions
GetKeyState
EndPaint
UnhookWindowsHookEx
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
UnregisterClassW
GetFocus
GetParent
InvalidateRgn
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
InflateRect
InvalidateRect
GetWindowTextW
GetDlgItem
RedrawWindow
GetSysColor
SetWindowTextW
LoadIconW
GetSubMenu
LoadMenuW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
wsprintfW
keybd_event
SystemParametersInfoW
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
UpdateLayeredWindow
IsIconic
LoadImageW
SetForegroundWindow
GetDC
ReleaseDC
WinHelpW
RegisterHotKey
MessageBoxW
GetSystemMetrics
IsWindowVisible
MoveWindow
PostMessageW
SetTimer
GetWindowRect
IsMenu
MonitorFromPoint
TrackPopupMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
AppendMenuW
GetClassNameW
SetWindowPos
GetCursorPos
CreatePopupMenu
CreateWindowExW
ReleaseCapture
GetForegroundWindow
SetWindowContextHelpId
PostThreadMessageW
GetKeyNameTextW
DestroyMenu
GetMonitorInfoW
MapVirtualKeyW
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
GetMessagePos
GetMessageTime
GetMenu
SetMenu
RemovePropW
GetClipboardFormatNameW
UnregisterHotKey
DefWindowProcW
UnregisterClassA
SetRect
PtInRect
CallWindowProcW
SendMessageW
IsWindow
ShowWindow
SetWindowLongW
GetWindowLongW
SetMenuItemBitmaps
GetPropW
PostQuitMessage
DestroyWindow
GetWindow
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
ClientToScreen
GetDlgCtrlID
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SendDlgItemMessageA
SendDlgItemMessageW
RegisterClassW
GetClassInfoW
IsDialogMessageW
GetMessageW
RegisterClipboardFormatW
CharUpperW
LoadAcceleratorsW
TranslateAcceleratorW
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
GetClipboardFormatNameA
IsRectEmpty
MessageBeep
CopyAcceleratorTableW
LoadBitmapW

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetObjectType
CreatePatternBrush
CreateFontIndirectW
CreateRectRgnIndirect
CreateRoundRectRgn
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
OffsetViewportOrgEx
GetWindowExtEx
DPtoLP
SetMapMode
PtVisible
RectVisible
GetPixel
TextOutW
ExtTextOutW
GetTextExtentPoint32W
Escape
SetViewportOrgEx
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
GetObjectW
GetStockObject
GetClipBox
CreateSolidBrush
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
GetViewportExtEx
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
SetThreadToken
RevertToSelf
OpenThreadToken
RegCreateKeyExW
RegQueryInfoKeyW

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragFinish
DragQueryFileW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathRenameExtensionW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
OleLockRunning
CoTaskMemFree
CoFreeUnusedLibraries
CLSIDFromProgID
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
VariantCopy
SysAllocStringLen
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit

wininet

InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCrackUrlW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDrawImageRectRect
GdipSetStringFormatAlign
GdipCreatePen1
GdipDrawLineI
GdipFillRectangle
GdipDeletePen
GdipReleaseDC
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateFont
GdipAlloc
GdipCreateSolidFill
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteFont
GdipSetTextRenderingHint
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDrawImageRectRectI

psapi

EmptyWorkingSet
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

sensapi

IsNetworkAlive

ws2_32

WSAStartup
connect
select
WSAGetLastError
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send
htons

Sections

.text
Size: 915KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cefebe4f89d5069fed97c899a55e299c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

snmpapi

sensapi

ws2_32

Sections

.text Size: 915KB - Virtual size: 914KB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 118KB - Virtual size: 118KB

.text
Size: 915KB - Virtual size: 914KB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 118KB - Virtual size: 118KB