d6124662a47d4d32cbd1f9c96cf07b6c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6124662a47d4d32cbd1f9c96cf07b6c_JaffaCakes118
Size

607KB
MD5

d6124662a47d4d32cbd1f9c96cf07b6c
SHA1

8cf03ffec821a85ab4f55ca25969f15ad53d2a38
SHA256

d038c9ce959e4fabf41d1e06611bf64f9e7245c96c406f1871637bbc790dbcf6
SHA512

ba694d1da9846f0bdc526634376c5145d9e103418842d25cfa8b22ca1c548ef1053810462dd597a529368ddd807a48090e397d91a634cb0a694685de47e6f981
SSDEEP

12288:E3xWKIEsgmaJgZwpBW2qCpUBKawVXfdAI9/B:EBXtsJBMnwdqFlVB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6124662a47d4d32cbd1f9c96cf07b6c_JaffaCakes118

Files

d6124662a47d4d32cbd1f9c96cf07b6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a0cfc502943d26d193f5da2cdf166350

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\p3d_branch\QQPets3D1.0Beta6Build307\PDB\Release\QQPetBear.pdb

Imports

kernel32

GetModuleFileNameA
GetPrivateProfileStringA
CloseHandle
GetLastError
LoadLibraryA
FreeLibrary
CreateDirectoryA
OutputDebugStringA
DeleteFileA
RemoveDirectoryA
GetFileAttributesExA
WritePrivateProfileStringA
CreateProcessA
FindClose
FindNextFileA
GetModuleHandleA
GetPrivateProfileIntA
FindFirstFileA
GetPrivateProfileSectionA
SetCurrentDirectoryA
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetLocalTime
SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetFileAttributesA
FindFirstFileExA
InterlockedExchange
GetSystemInfo
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
SetFileAttributesA

user32

KillTimer
SetTimer
GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
SetClassLongA
LoadIconA
PtInRect
DefWindowProcA
FindWindowA
GetActiveWindow
CreateWindowExA
AdjustWindowRectEx
ChangeDisplaySettingsA
RegisterClassExA
LoadCursorA
PostQuitMessage
GetDesktopWindow
LoadImageA
MessageBoxA
GetWindowRect

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

commclient

??0SERVICES_ROOM_ID@@QAE@XZ
??0RS_GET_EACH_FRIEND_STATE@@QAE@XZ
??1RS_GET_EACH_FRIEND_STATE@@QAE@XZ
??1SERVICES_ROOM_ID@@QAE@XZ
?IsNeedInitConfig@InstOfSoDataMgr@@QAE_NABUQQ_PET_INFO@@@Z
?instance@InstOfSoDataMgr@@SAPAV1@XZ
?cleanup@InstOfSoDataMgr@@SAXXZ
??1RS_FED_BUY_ITEMS@@QAE@XZ
?GetPetID@PET_ID_RESULT@@QBEXAAUPET_ID@@@Z
??0RQ_QUERY_WEATHER_REPORT@@QAE@XZ
??1RQ_QUERY_WEATHER_REPORT@@QAE@XZ
??0QQ_PET_INFO@@QAE@XZ
??1QQ_PET_INFO@@QAE@XZ
??1PET_ID@@QAE@XZ
??0PET_ID@@QAE@XZ
??1SVC_SVR_INFO@@QAE@XZ

msvcp80

?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

winmm

timeEndPeriod
timeKillEvent
timeSetEvent
timeGetTime
timeBeginPeriod

shlwapi

PathAppendA

msvcr80

atoi
vsprintf_s
_itoa_s
__argc
_stricmp
__argv
_access
strchr
strrchr
_snprintf_s
strcpy_s
_purecall
_mbsnbcpy_s
_mbschr
strcat_s
_vsnprintf_s
_mbsrchr
sscanf_s
fseek
ftell
malloc
rewind
fread
??_V@YAXPAX@Z
fopen_s
fclose
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
free
memset
sprintf_s
??3@YAXPAX@Z
_mbscmp
_set_invalid_parameter_handler
_controlfp_s
_localtime64_s
_close
strftime
_fstat64i32
??0exception@std@@QAE@ABQBDH@Z
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
realloc
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
memcpy_s
_aligned_malloc
_aligned_free
_aligned_realloc
_sopen_s

dbghelp

MiniDumpWriteDump

Exports

Exports

CreateInterface
GetMemAlloc
GetServiceInterfaceManager
ReleaseInterface

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvmp
Size: 720KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0cfc502943d26d193f5da2cdf166350

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

commclient

msvcp80

winmm

shlwapi

msvcr80

dbghelp

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 16KB - Virtual size: 15KB

.tvmp Size: 720KB - Virtual size: 724KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 16KB - Virtual size: 15KB

.tvmp
Size: 720KB - Virtual size: 724KB