d72d969f74ae5371012bfca678823e19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d72d969f74ae5371012bfca678823e19_JaffaCakes118
Size

1.2MB
MD5

d72d969f74ae5371012bfca678823e19
SHA1

25f8004c2096ea8b49a6b311c5fc683ce3051508
SHA256

dc118d33695f551e9c7d939a680322fb31145c6f836c71199d1477431cd0407f
SHA512

307fc3eb4442b0f6748e80b2c43454a5977fefaebc91b7ad13b6ec1ca98a070f9383a7c85e9f4be73741e2b92488d39099a897408be6f677eca27fa2d8bbbb3d
SSDEEP

24576:Ah+DX5FtRCF3xtJV0/RVfJWyZ7A0fQjlDneQnLHDBy/LIpK4WC7Vi:HX5Ftc3vD0PPETjlDeQLj0/GKa7Vi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CF刷枪软件v8.0/baobaocfv8.0.exe

Files

d72d969f74ae5371012bfca678823e19_JaffaCakes118
.rar
CF刷枪软件v8.0/baobaocfv8.0.exe
.exe windows:4 windows x86 arch:x86

92249e6d3b9cbc5dd2f45a1ecf8bf296

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetClientRect
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
CopyRect
wsprintfA
MessageBoxA
UnregisterClassA

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
SetFilePointer
GetFileSize
ReadFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
IsBadReadPtr
SetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
RtlMoveMemory
lstrcpyn
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
GetCommandLineA
GetOEMCP
GetCPInfo
FlushFileBuffers
GetCurrentProcess
SetErrorMode
GetProcessVersion
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId

gdi32

GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.6MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CF刷枪软件v8.0/游戏大全.url
.url
CF刷枪软件v8.0/游戏说明.txt

Sharing

General

Malware Config

Signatures

Files

92249e6d3b9cbc5dd2f45a1ecf8bf296

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 7.6MB - Virtual size: 7.7MB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 7.6MB - Virtual size: 7.7MB

.rsrc
Size: 36KB - Virtual size: 36KB