d750393a52d2e3f41efcf18005404d23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d750393a52d2e3f41efcf18005404d23_JaffaCakes118
Size

757KB
MD5

d750393a52d2e3f41efcf18005404d23
SHA1

f0e403dd665c09a4040b032d150f0b3d2938de70
SHA256

6fcab02cc0c75e7c188ce37e47b3d2da0708a0ccc953f8958fc3abe2cb8eea33
SHA512

416789dd306a5a58a7d8cb496b13eb8db796a0dd8311fdbc8a4ca1b842828014e10dc33d9020f05f9839ccbaee6e51c7f2727abc18905645077e992b78afb989
SSDEEP

12288:Fq/KXt4hIjIMqUKVJHAVKTKrKwdRdog5LRYJns7xzsajQ2Paj08YpaZ1+aIHoYVt:gwbIMqUwJgQTKuqRdoAYJnsthccajK4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DNF天王外挂.exe
unpack001/atl.dll
unpack001/atl71.dll

Files

d750393a52d2e3f41efcf18005404d23_JaffaCakes118
.rar
DNF天王外挂.exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
atl.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6bfedd40b55eb30555a20a996e076ef2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
realloc
_purecall
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

WaitForSingleObject
WideCharToMultiByte
lstrlenW
lstrcpyW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatW
GetModuleFileNameW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetShortPathNameW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalAlloc
DisableThreadLibraryCalls
GetVersionExA
MultiByteToWideChar
lstrlenA
SizeofResource
GetACP
FindResourceW
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
lstrcmpW
FlushInstructionCache
GetCurrentProcess
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetLastError
GlobalUnlock
GlobalLock
FreeResource
GlobalFree
GlobalHandle
LockResource
FindResourceA
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
DelayLoadFailureHook
VirtualAlloc
LoadResource
VirtualFree

user32

TranslateMessage
MsgWaitForMultipleObjects
CharNextW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
ReleaseDC
GetDC
SendMessageW
LoadStringW
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
UnregisterClassW
MessageBoxA
DefWindowProcW
GetSysColor
GetDesktopWindow
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
CallWindowProcW
SetWindowLongW
GetWindowLongW
SetFocus
GetWindow
IsChild
GetFocus
EndPaint
FillRect
GetClientRect
BeginPaint
GetDlgItem
SetWindowPos
IsWindow
RedrawWindow
GetClassNameW
GetParent
DestroyWindow
CreateAcceleratorTableW
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
DialogBoxIndirectParamW
DialogBoxIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
DispatchMessageW
PeekMessageW

gdi32

GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
CreateDCW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atl71.dll
.dll windows:4 windows x86 arch:x86

a0bd0cbc6c3c1f3095dd9342b630fcb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
LocalAlloc
VirtualQuery
HeapFree
GetProcessHeap
InterlockedCompareExchange
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.data Size: 80KB - Virtual size: 80KB

.rsrc Size: 16KB - Virtual size: 14KB

6bfedd40b55eb30555a20a996e076ef2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 840B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 2KB

a0bd0cbc6c3c1f3095dd9342b630fcb9

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.data
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 16KB - Virtual size: 14KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 840B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB