d02efc59d0dba4c8c77c4d909e98669a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d02efc59d0dba4c8c77c4d909e98669a_JaffaCakes118
Size

190KB
MD5

d02efc59d0dba4c8c77c4d909e98669a
SHA1

d44a70d8f43dda6ddedee5ba5b3998846ae8fc3c
SHA256

eeaac4a3f6da5d085e1b05319e6d8b9546df923e717a5c49e7260ad04133e33d
SHA512

3fa04ed0d000c45e16e1ed0fb978bc5cfcc432ef11369fba9f39fdfc3f68363d2860be3b8ff44128f90e73fbedeef1b5068a2a25ec33eee7ed23351deecd56f5
SSDEEP

3072:3+QiO5xVsMKx4DTGqt2YmAOtUudWHiQxRjMuPs3y9eHGZjIaIv2Le5qdRRiH+URi:OzO5bKu9m1ZcH6uScOsIaIv2y8zRiH5I

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TenyQQ/TenyQQ.exe
unpack001/TenyQQ/TenyQQreg.exe

Files

d02efc59d0dba4c8c77c4d909e98669a_JaffaCakes118
.rar
TenyQQ/IE补丁.reg
TenyQQ/TenyQQ.exe
.exe windows:4 windows x86 arch:x86

59c2da264024052091a73770fc52fd08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
GetProfileStringA
GetACP
HeapSize
HeapReAlloc
TerminateProcess
RaiseException
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetShortPathNameA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetCurrentDirectoryA
SizeofResource
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
GetProcessVersion
lstrlenW
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
GetTickCount
GlobalAlloc
GetCurrentThread
lstrcmpA
GlobalFree
CloseHandle
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalLock
lstrcpynA
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
GetModuleFileNameA
GetLastError
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
GetStringTypeA
FreeLibrary

user32

GetSysColorBrush
GetClassNameA
LoadStringA
GetDCEx
LockWindowUpdate
InsertMenuA
DeleteMenu
GetMenuStringA
DestroyIcon
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
PostThreadMessageA
CharUpperA
SetParent
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetLastActivePopup
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
FindWindowA
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
EndDialog
WinHelpA
SetMenu
GetClassInfoA
DestroyMenu
SetFocus
ShowWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
PeekMessageA
GetCapture
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
GetActiveWindow
wsprintfA
GetMenuItemID
AdjustWindowRectEx
SetWindowPos
GetWindowLongA
DefMDIChildProcA
DrawMenuBar
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
BringWindowToTop
GetMenuItemCount
UpdateWindow
GetCursorPos
CreatePopupMenu
UnregisterHotKey
PostMessageA
IsWindowVisible
ClientToScreen
LoadMenuA
KillTimer
GetSysColor
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SendMessageA
CreateDialogIndirectParamA
GetMessageA
ExitWindowsEx
GetMenu
GetSubMenu
AppendMenuA
LoadIconA
RegisterHotKey
SetTimer
EnableWindow
LoadCursorA
CopyIcon
GetWindowRect
GetParent
GetDC
ReleaseDC
InflateRect
RegisterClipboardFormatA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
GetKeyState
PostQuitMessage
InvalidateRect
IsWindow
SetWindowLongA
SetCursor
GetClientRect
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
MessageBeep
TranslateMessage
ValidateRect
SetRect
UnionRect
IsRectEmpty
IsZoomed
WindowFromPoint
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
DispatchMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
SetActiveWindow
MapWindowPoints
GetWindowDC

gdi32

SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
DeleteObject
CreateRectRgn
GetDeviceCaps
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
CreateRectRgnIndirect
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsA
LPtoDP
DPtoLP
GetMapMode
SetRectRgn
CombineRgn
GetTextColor
GetBkColor
BitBlt
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetViewportExtEx
CreateDIBitmap
GetTextExtentPointA
GetStockObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
CommDlgExtendedError
PrintDlgA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

GetFileSecurityA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey
SetFileSecurityA
RegOpenKeyA

shell32

ExtractIconA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CoRegisterClassObject
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
StringFromCLSID
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringLen
VariantCopy
VariantClear
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
LoadTypeLi

wsock32

WSAStartup
WSACleanup

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TenyQQ/TenyQQreg.exe
.exe windows:4 windows x86 arch:x86

14e6f0301d8aa87fefbacbe4170fc549

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaVarForInit
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
__vbaBoolVar
ord307
ord309
__vbaBoolVarNull
_CIsin
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TenyQQ/TenyQQ软件说明.txt

Sharing

General

Malware Config

Signatures

Files

59c2da264024052091a73770fc52fd08

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

Sections

.text Size: 236KB - Virtual size: 233KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 33KB

.rsrc Size: 24KB - Virtual size: 22KB

14e6f0301d8aa87fefbacbe4170fc549

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 164KB - Virtual size: 162KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 236KB - Virtual size: 233KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 33KB

.rsrc
Size: 24KB - Virtual size: 22KB

.text
Size: 164KB - Virtual size: 162KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB