e27bc14c0994aae2f7717fad2f0f065e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e27bc14c0994aae2f7717fad2f0f065e_JaffaCakes118
Size

1.6MB
MD5

e27bc14c0994aae2f7717fad2f0f065e
SHA1

2b78e85acfe0f8e4d47faa28d4b71ce48b3aef86
SHA256

e7abbb14bc77cd8f54f469e7be0bb02b54d88172bffd731055cfcb1bc8ff2f81
SHA512

30d06e1982537d9c7f695dfd09f74613e93c2d044864242df5c627148ef11ca839d9f975ae64056486b5e60a881ddeac68f3e5ee1be6936a57c5d3af18c6e514
SSDEEP

24576:FFB+hReyu+4PiLXt1Ijyqrx6YTG87OVaO:FFB+7eyuvPiLAOqrx3G6OIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e27bc14c0994aae2f7717fad2f0f065e_JaffaCakes118
unpack001/$PLUGINSDIR/24dian.exe

Files

e27bc14c0994aae2f7717fad2f0f065e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/24dian.exe
.exe windows:4 windows x86 arch:x86

71688cb4b7cf8eee7e1864aed8a55acb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\完成项目\24点游戏\源代码\Release\Point24.pdb

Imports

winmm

PlaySoundA

kernel32

LocalFree
FormatMessageA
InterlockedDecrement
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
GetTickCount
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
WritePrivateProfileStringA
GlobalFree
GlobalUnlock
MulDiv
SetLastError
CloseHandle
GetCurrentThread
GlobalLock
GlobalAlloc
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetProcAddress
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CreateDialogIndirectParamA
GetDesktopWindow
wsprintfA
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
LoadCursorA
IsRectEmpty
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
CharNextA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetNextDlgTabItem
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetClassLongA
CharUpperA
GetSystemMetrics
LoadIconA
KillTimer
SetTimer
RedrawWindow
GetDC
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
LoadBitmapA
SetRect
EnableWindow
IsWindowVisible

gdi32

SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
GetBkColor
GetTextColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetClipBox
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateBitmap

advapi32

RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comdlg32

GetFileTitleA

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleInitialize
OleUninitialize

oleaut32

VariantClear
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/orange-install.ico

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 153KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

71688cb4b7cf8eee7e1864aed8a55acb

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oledlg

oleacc

winspool.drv

comdlg32

ole32

oleaut32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 153KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB