db311fc7ede4564ff7877eacfdf07ac1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db311fc7ede4564ff7877eacfdf07ac1_JaffaCakes118
Size

503KB
MD5

db311fc7ede4564ff7877eacfdf07ac1
SHA1

10357568209eb2d0558533f176d1623e299cf21d
SHA256

036cecd9790ccc46a079b61f8f9da1a3aace1247d350816d187d2144551e04e1
SHA512

15b739cb2f0a607fa7bb29c41c938b79836ee15b3aa19f09a04cf96d06edc415f4daaaa8fc4a57e33c700d6e023340d3bbbd8a054cf7b0fec99d0f0df9b0cd12
SSDEEP

12288:bKEv9Zi9g5bf2YDGKtlSA9ntnJNHv6u+GAmL8kg2Y:bRsg572yGE9nrdvR8m4MY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/skyQQMsgNS.exe

Files

db311fc7ede4564ff7877eacfdf07ac1_JaffaCakes118
.rar
skyQQMsgNS.exe
.exe windows:4 windows x86 arch:x86

cd455857fd09f454c918dc8ea04df184

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
WSARecv
WSASend
closesocket
send
connect
WSAWaitForMultipleEvents
socket
recv
WSACleanup
WSAStartup
htons
gethostbyname
ntohl
WSACreateEvent
WSACloseEvent
setsockopt

kernel32

LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileTime
GetTickCount
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetDriveTypeW
GetConsoleCP
GetThreadLocale
RtlUnwind
GetFileType
GetDriveTypeA
CreateFileA
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentProcessId
GetModuleHandleA
RaiseException
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LockFile
LockFileEx
UnlockFile
GetSystemInfo
FindFirstFileW
FindNextFileW
FindClose
ResetEvent
SignalObjectAndWait
ReleaseMutex
CreateMutexW
GetSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetTempPathW
FlushFileBuffers
GetFileInformationByHandle
GetDiskFreeSpaceW
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
CreateFileW
GetFileAttributesW
MoveFileW
MoveFileExW
DeleteFileW
GetCurrentThreadId
GetVersionExW
GetVersion
FormatMessageA
SetLastError
PulseEvent
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetSystemDirectoryW
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
lstrcmpW
lstrlenW
WaitForSingleObject
CreateEventW
SetEvent
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
Sleep
CreateThread
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetConsoleMode

user32

UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
UnregisterClassA
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
GetNextDlgGroupItem
CharUpperW
CharNextW
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
DestroyMenu
GetSysColorBrush
GetMessageW
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
InvalidateRect
IsWindow
SetWindowLongW
SetCursor
SetCapture
RedrawWindow
ReleaseCapture
PtInRect
GetClientRect
MessageBeep
GetSysColor
UpdateWindow
SendMessageW
EnableWindow
OffsetRect
SetPropW

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
SetViewportExtEx
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
GetWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
SetTextColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
RectVisible
GetStockObject
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
PtVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegQueryValueW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
StrStrIA
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
StgIsStorageFile
StgOpenStorage
CoTaskMemFree
CoGetClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoTaskMemAlloc
OleUninitialize

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysFreeString

wsock32

ioctlsocket
bind
listen
accept
htonl
WSASetLastError
inet_ntoa
ntohs
gethostname
WSAGetLastError

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

cd455857fd09f454c918dc8ea04df184

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

iphlpapi

Sections

.text Size: 960KB - Virtual size: 959KB

.rdata Size: 148KB - Virtual size: 145KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 960KB - Virtual size: 959KB

.rdata
Size: 148KB - Virtual size: 145KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 20KB - Virtual size: 18KB