ee9cefdf42a8de7455c47a4205109d38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ee9cefdf42a8de7455c47a4205109d38_JaffaCakes118
Size

1.6MB
MD5

ee9cefdf42a8de7455c47a4205109d38
SHA1

0d75b060448d0170b388f6f97566136f57a42241
SHA256

ee29c0a56261ad71157b79709046aa022b77af5cff9cca61164b03c7f05b60b2
SHA512

a932241cc27fa48fe2975b655170cb240092afd7f1d384f6dfc4b44d56d9f5721fd2375df3da8bc7553ee8344317303988b4ff99e748ec21abd0958997bac7fd
SSDEEP

24576:2UWoKSIbfS23h3q89R10YAAcESvjfyOfa00AIh2KKSeBg7E3xHfFhIGEEQZCTPER:2R7bfdBq89RXAVpfVa3UHg7E3VIqI7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/育儿堂儿童教育软件绿色版/ChildTray.exe
unpack001/育儿堂儿童教育软件绿色版/育儿堂教育Child.exe

Files

ee9cefdf42a8de7455c47a4205109d38_JaffaCakes118
.rar
绿色版使用说明.txt
育儿堂儿童教育软件绿色版/Child.dat
育儿堂儿童教育软件绿色版/ChildTray.exe
.exe windows:4 windows x86 arch:x86

9df7337c4ee7601143a768bf6f9905f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
SetStdHandle
GetFileType
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
GetFileAttributesA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FindFirstFileA
FindClose
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrlenW
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
FormatMessageA
LocalFree
LocalAlloc
FreeLibrary
lstrcpyA
lstrcpynA
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
SetEvent
WaitForSingleObject
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
ResumeThread
WinExec
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
CloseHandle
CreateMutexA
GetStdHandle
GetLastError

user32

CharUpperA
CharNextA
SetWindowContextHelpId
MapDialogRect
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
DestroyMenu
InvalidateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
LoadStringA
CopyRect
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
GetMenu
GetMenuItemCount
GetMenuItemID
SetWindowPlacement
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
GetSysColorBrush
PtInRect
GetClassNameA
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
LoadMenuA
GetSubMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
SetWindowPos
AnimateWindow
GetWindowLongA
SetWindowLongA
GetWindowRect
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
LoadIconA
SendMessageA
FindWindowA
RegisterClassA
UnregisterClassA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
LPtoDP
DPtoLP
GetTextColor
GetMapMode
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
GetBkColor
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17

wininet

InternetGetLastResponseInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantClear

urlmon

URLDownloadToFileA

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
育儿堂儿童教育软件绿色版/skins/load.swf
育儿堂儿童教育软件绿色版/skins/main3.swf
育儿堂儿童教育软件绿色版/新云软件.url
.url
育儿堂儿童教育软件绿色版/育儿堂教育Child.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9df7337c4ee7601143a768bf6f9905f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

wininet

oledlg

ole32

olepro32

oleaut32

urlmon

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 28KB - Virtual size: 26KB

Headers

File Characteristics

Sections

CODE Size: 1.1MB - Virtual size: 1.1MB

DATA Size: 43KB - Virtual size: 43KB

BSS Size: - Virtual size: 9KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 67KB - Virtual size: 66KB

.rsrc Size: 264KB - Virtual size: 264KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 28KB - Virtual size: 26KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 43KB - Virtual size: 43KB

BSS
Size: - Virtual size: 9KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 264KB - Virtual size: 264KB