d39a2585a9b4f06ef2f23a29be004061_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d39a2585a9b4f06ef2f23a29be004061_JaffaCakes118
Size

1.8MB
MD5

d39a2585a9b4f06ef2f23a29be004061
SHA1

f78f06b9dc2a7ea8860cfcc9f705856f4c3552e7
SHA256

b288f969d6e3561d08f48de603ff563d606922f6f86c965a4067e6c07c96c0ef
SHA512

0b59b0c1e756f3f9c74c4ae56b4856b443cd6339df224c03d5c30eb979f560f6b17b91b8166e75460040be9cd7a3b8b8853f8a590f7fa6fe584619166202bc9d
SSDEEP

49152:piJ4kXh/+gRLCKxw2T6aHhQftkkITL8MX4IcD42:p4Plnxw8QftkkI5q42

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/168邮件搜索采集大师(绿色版免安装）/DBHelper.dll
unpack001/168邮件搜索采集大师(绿色版免安装）/HCCom.dll
unpack001/168邮件搜索采集大师(绿色版免安装）/cjzck.dll
unpack001/168邮件搜索采集大师(绿色版免安装）/ljwj.dll
unpack001/168邮件搜索采集大师(绿色版免安装）/souemail.exe

Files

d39a2585a9b4f06ef2f23a29be004061_JaffaCakes118
.rar
168邮件搜索采集大师(绿色版免安装）/DBHelper.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
168邮件搜索采集大师(绿色版免安装）/HCCom.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
168邮件搜索采集大师(绿色版免安装）/cjzck.dll
.dll windows:4 windows x86 arch:x86

f2a76fc7d1ad114ef85a0578fb32d4fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ben\加密工程\savefile\release\SaveFile.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

msvcp80

??0locale@std@@QAE@PBDH@Z
??1locale@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_WH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?close@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encoded_null
free
_malloc_crt
_encode_pointer
??2@YAPAXI@Z
toupper
wcscpy_s
strcpy_s
sprintf
??_V@YAXPAX@Z
sprintf_s
??3@YAXPAX@Z
__CxxFrameHandler3
memset
memcpy

Exports

Exports

GetID
Win32SaveFile

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
168邮件搜索采集大师(绿色版免安装）/db/TreeNodeCom.asp
168邮件搜索采集大师(绿色版免安装）/ljwj.dll
.dll windows:4 windows x86 arch:x86

5946102212fc38379f0a7686424bedc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy
LocalAlloc

version

VerQueryValueA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

user32

DestroyMenu

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegEnumKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantChangeType

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: 104KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
168邮件搜索采集大师(绿色版免安装）/souemail.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
168邮件搜索采集大师(绿色版免安装）/souemail.exe.config
.xml
168邮件搜索采集大师(绿色版免安装）/youjian168.com唯一官方网首页.url
.url
168邮件搜索采集大师(绿色版免安装）/产品使用说明书.txt
168邮件搜索采集大师(绿色版免安装）/安装前必读(重要说明).txt
168邮件搜索采集大师(绿色版免安装）/搜索关键字范例演示(请导入此任务).txt
168邮件搜索采集大师(绿色版免安装）/新云软件.url
.url
168邮件搜索采集大师(绿色版免安装）/更新记录.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 16KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 40KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 28KB

f2a76fc7d1ad114ef85a0578fb32d4fd

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 1024B - Virtual size: 932B

5946102212fc38379f0a7686424bedc7

Headers

File Characteristics

Imports

kernel32

version

psapi

iphlpapi

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 228KB

.rsrc Size: 20KB - Virtual size: 17KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 660KB

.data Size: 480KB - Virtual size: 480KB

.data Size: 4KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 1024B - Virtual size: 932B

.text
Size: 104KB - Virtual size: 228KB

.rsrc
Size: 20KB - Virtual size: 17KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 660KB

.data
Size: 480KB - Virtual size: 480KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 72KB - Virtual size: 72KB