ee7cc23f061af3fe991f5f5a388be201_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ee7cc23f061af3fe991f5f5a388be201_JaffaCakes118
Size

3.4MB
MD5

ee7cc23f061af3fe991f5f5a388be201
SHA1

fd928f7c3bfa54ebd8c531e87b3938b4947e57db
SHA256

2ebd27a9560a661077ae03e7a59698f9706b94ff5e9b8a9c0e49c6e76cf2e250
SHA512

6d214b8cc74c412b6a1eb0a47c8878d23c47e874bb7377c47e119868bab2e1c8729e7ff8a9c7adfae33e8b87231da6b9c524d359eb67b7250d5d0b0491742bc6
SSDEEP

98304:1uFPCfuj6gk69OA8KQjfhOyIT8wzUNzCvR:1uzjhdSjfgyILoN4

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/客户端/SkinH_EL.dll
unpack001/客户端/客户端.exe
unpack001/服务端/SkinH_EL.dll
unpack001/服务端/ccbar语音呼叫-免费版服务端.exe

Files

ee7cc23f061af3fe991f5f5a388be201_JaffaCakes118
.rar
使用说明.txt
客户端/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
RtlUnwind
IsBadCodePtr
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MulDiv
VirtualProtect
FlushInstructionCache
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetVersion
GetCurrentThreadId
GetModuleHandleA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
VirtualQuery

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumChildWindows
LoadCursorA
SetCursor
EnumThreadWindows
TrackPopupMenu
GetMenuItemID
IsIconic
IsZoomed
GetWindowRgn
IsMenu
GetSubMenu
GetMenuBarInfo
GetMenu
SetWindowRgn
GetSystemMenu
MessageBoxA
GetClassNameA
CallNextHookEx
ScreenToClient
SetCapture
EqualRect
ReleaseCapture
SetWindowPos
KillTimer
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringA
GetMenuState
SetMenuItemInfoA
SetRect
GetActiveWindow
LockWindowUpdate
IsWindowVisible
GetSystemMetrics
ShowScrollBar
FillRect
GetSysColorBrush
EnableScrollBar
GetScrollBarInfo
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
GetWindowDC
GetDCEx
GetDC
MoveWindow
FindWindowExA
GetCursorPos
PtInRect
SetRectEmpty
ClientToScreen
ReleaseDC
GetSysColor
InflateRect
GetParent
GetClassLongA
GetWindowRect
GetComboBoxInfo
OffsetRect
IsRectEmpty
InvalidateRect
GetClientRect
GetWindowTextA
SendMessageA
IsWindowEnabled
GetFocus
GetIconInfo
DrawIconEx
DrawTextA
TrackMouseEvent
BeginPaint
EndPaint
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA

gdi32

SetPixel
SetBkColor
TextOutA
GetTextExtentPointA
SetMapMode
CreatePen
CreateSolidBrush
GetStockObject
RoundRect
BeginPath
Rectangle
EndPath
SelectClipPath
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
StretchBlt
GetObjectA
DeleteObject
BitBlt
DeleteDC
SetTextColor
CreateDIBitmap
CreateFontA
CreatePatternBrush
SelectClipRgn
CombineRgn
CreateRectRgn
EqualRgn
OffsetRgn
ExtCreateRegion
CreateDIBSection
GetPixel
PatBlt
SelectObject
Polygon

comctl32

ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt

Exports

Exports

SkinH_Attach
SkinH_Attach_Ex

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客户端/cc2008.dll
客户端/server.ini
客户端/客户端.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 953KB - Virtual size: 956KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
服务端/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
RtlUnwind
IsBadCodePtr
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MulDiv
VirtualProtect
FlushInstructionCache
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetVersion
GetCurrentThreadId
GetModuleHandleA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
VirtualQuery

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumChildWindows
LoadCursorA
SetCursor
EnumThreadWindows
TrackPopupMenu
GetMenuItemID
IsIconic
IsZoomed
GetWindowRgn
IsMenu
GetSubMenu
GetMenuBarInfo
GetMenu
SetWindowRgn
GetSystemMenu
MessageBoxA
GetClassNameA
CallNextHookEx
ScreenToClient
SetCapture
EqualRect
ReleaseCapture
SetWindowPos
KillTimer
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringA
GetMenuState
SetMenuItemInfoA
SetRect
GetActiveWindow
LockWindowUpdate
IsWindowVisible
GetSystemMetrics
ShowScrollBar
FillRect
GetSysColorBrush
EnableScrollBar
GetScrollBarInfo
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
GetWindowDC
GetDCEx
GetDC
MoveWindow
FindWindowExA
GetCursorPos
PtInRect
SetRectEmpty
ClientToScreen
ReleaseDC
GetSysColor
InflateRect
GetParent
GetClassLongA
GetWindowRect
GetComboBoxInfo
OffsetRect
IsRectEmpty
InvalidateRect
GetClientRect
GetWindowTextA
SendMessageA
IsWindowEnabled
GetFocus
GetIconInfo
DrawIconEx
DrawTextA
TrackMouseEvent
BeginPaint
EndPaint
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA

gdi32

SetPixel
SetBkColor
TextOutA
GetTextExtentPointA
SetMapMode
CreatePen
CreateSolidBrush
GetStockObject
RoundRect
BeginPath
Rectangle
EndPath
SelectClipPath
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
StretchBlt
GetObjectA
DeleteObject
BitBlt
DeleteDC
SetTextColor
CreateDIBitmap
CreateFontA
CreatePatternBrush
SelectClipRgn
CombineRgn
CreateRectRgn
EqualRgn
OffsetRgn
ExtCreateRegion
CreateDIBSection
GetPixel
PatBlt
SelectObject
Polygon

comctl32

ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt

Exports

Exports

SkinH_Attach
SkinH_Attach_Ex

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
服务端/cc2008.dll
服务端/ccbar语音呼叫-免费版服务端.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

data
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
服务端/ccod.dll
服务端/data.mdb

Sharing

General

Malware Config

Signatures

Files

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

Headers

File Characteristics

Sections

data Size: - Virtual size: 1.0MB

data Size: 953KB - Virtual size: 956KB

.rsrc Size: 29KB - Virtual size: 32KB

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

Headers

File Characteristics

Sections

data Size: - Virtual size: 3.8MB

data Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 29KB - Virtual size: 32KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

data
Size: - Virtual size: 1.0MB

data
Size: 953KB - Virtual size: 956KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

data
Size: - Virtual size: 3.8MB

data
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 29KB - Virtual size: 32KB