f611a87c70ef2bcb1e807562455d0140_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f611a87c70ef2bcb1e807562455d0140_JaffaCakes118
Size

677KB
MD5

f611a87c70ef2bcb1e807562455d0140
SHA1

4b466f655086dde33f45f1448cdf94f18e6d1af9
SHA256

23b15eaa79ff6fa9f4f726c5b2fc1267cfe3e253f4986e3c7ac6ed13ae5e4193
SHA512

0bce4d20cfea7190ec9392e46961fb4a8492692fc0462aef59e872b44c0ca5b653a397bd30ae309234ee62a5d5c5ccd4051fd0a0e40d04f44f2ddc555564f7f6
SSDEEP

12288:/VT+l39ooqOq+jQh91B1ZPlhqVGZY5me6nAoyAPP3/FUWjK03qLT59tcb:9TE9+O8FZtEVpmfnlyAnPFUWF3qJ9tcb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/网易126邮箱批量注册V1.0/shdocvw.dll
unpack001/网易126邮箱批量注册V1.0/网易126邮箱批量注册V1.0.exe

Files

f611a87c70ef2bcb1e807562455d0140_JaffaCakes118
.rar
网易126邮箱批量注册V1.0/shdocvw.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0d6677bd38343051a2b410e44d28157e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shdocvw.pdb

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_ftol
wcslen
free
_vsnprintf
_except_handler3
_wcsnicmp
wcsrchr
_ltow
memmove
malloc
realloc
_vsnwprintf

kernel32

GetSystemDefaultLCID
CreateThread
CompareFileTime
GetSystemTimeAsFileTime
IsDBCSLeadByte
CreateDirectoryA
SetCurrentDirectoryA
SetFilePointer
ReadFile
GetFileSize
WriteFile
FindClose
WaitForSingleObject
SetEvent
CreateFileA
ReleaseMutex
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempPathA
ExitProcess
GetCommandLineW
OpenMutexW
TlsGetValue
GetSystemTime
GetCurrentProcessId
GlobalFlags
lstrcmpiA
GlobalReAlloc
TlsSetValue
GetLocalTime
GetSystemInfo
OpenMutexA
ReleaseSemaphore
UnhandledExceptionFilter
SetErrorMode
GetCurrentDirectoryA
GetShortPathNameA
ResetEvent
HeapFree
GetProcessHeap
InterlockedExchange
TerminateThread
GetExitCodeThread
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
HeapAlloc
GetLocaleInfoW
LoadLibraryW
DosDateTimeToFileTime
GetModuleHandleW
CreateEventA
LoadLibraryA
VirtualFree
VirtualAlloc
lstrcpynW
GetModuleHandleA
GetProcAddress
LocalFree
LocalAlloc
MultiByteToWideChar
GetVersionExA
lstrcmpA
GetSystemDirectoryA
LocalReAlloc
GetDriveTypeW
CreateMutexA
lstrlenA
Sleep
WideCharToMultiByte
lstrcpynA
GetUserDefaultLCID
GlobalFree
LocalSize
GetTickCount
GetLastError
LoadLibraryExA
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
MulDiv
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
GetACP
CloseHandle
TlsFree
DeleteCriticalSection
FreeLibrary
InterlockedDecrement
FileTimeToSystemTime
InterlockedIncrement
RaiseException
GlobalSize

shlwapi

ord81
ord561
ord231
wnsprintfW
ord24
ord516
ord517
ord446
SHDeleteKeyW
ord491
ord176
ord204
ord509
ord172
ord199
ord164
StrCpyNW
ord117
SHRegGetBoolUSValueW
ord163
ord133
ord154
ord240
ord178
ord84
ord171
ord249
PathCreateFromUrlW
StrChrW
ord346
ord184
SHStrDupW
ord212
ord174
ord284
ord282
PathFileExistsW
ord384
ord287
ord83
ord318
SHRegGetUSValueW
StrCmpNIW
StrStrIW
StrDupW
ord15
SHQueryValueExW
ord120
ord302
ord192
ord303
ord139
ord558
ord564
ord436
ord128
ord125
ord123
ord193
PathQuoteSpacesW
ord75
PathCombineW
ord97
ord299
PathRemoveFileSpecW
ord60
ord116
ord394
ord538
ord149
ord135
ord74
ord104
ord389
ord426
ord427
ord425
ord106
ord108
ord401
ord402
StrCatBuffW
ord57
ord80
ord542
UrlCanonicalizeW
AssocQueryStringW
ord124
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegOpenUSKeyW
StrDupA
ord122
ord13
ord175
ord127
StrCmpW
StrCmpNW
ord158
ord562
ord146
ord40
PathUnquoteSpacesW
PathRemoveBlanksW
ord539
ord186
ord181
ord237
ord217
ord382
ord168
SHRegSetUSValueW
ord221
ord173
ord220
ord248
ord198
ord79
ord467
ord100
ord2
ord484
ord383
StrStrW
StrChrIW
UrlGetPartW
PathAppendW
ord559
ord138
StrFromTimeIntervalW
ord336
ord99
ord143
ord67
ord216
PathFindExtensionA
UrlCanonicalizeA
ord218
AssocIsDangerous
AssocCreate
ord130
PathUndecorateW
ord103
ord313
PathParseIconLocationW
ord52
ord165
ord16
PathCompactPathW
ord331
ord72
PathIsRelativeW
ord476
ord134
ord87
ord140
PathRemoveExtensionW
ord334
ord50
ord333
PathCommonPrefixW
UrlIsW
StrTrimW
ord36
PathAddBackslashW
SHQueryValueExA
StrCatBuffA
StrStrIA
PathFindFileNameA
StrCmpNIA
SHSetValueA
wnsprintfA
SHGetValueA
ord126
SHDeleteOrphanKeyA
PathRemoveFileSpecA
SHDeleteKeyA
SHDeleteValueA
ord433
SHDeleteValueW
ord294
ord90
ord129
StrToIntExW
ord372
ord373
ord371
ord286
UrlCombineW
ord376
UrlGetLocationW
StrToIntW
ord283
ord281
PathIsURLW
ord51
ord28
ord39
UrlHashW
StrRChrW
StrChrIA
ord41
ord351
ord350
wvnsprintfA
ord65
ord341
ord403
ord360
ord137
ord305
ord71
wvnsprintfW
SHOpenRegStream2W
ord187
ord471
ord270
ord263
PathIsPrefixW
PathSearchAndQualifyW
ord73
ord298
ord296
PathRenameExtensionW
ord12
ord112
ord89
ord236
ord96
ord354
ord370
ord274
ord460
ord76
StrTrimA
ord295
ord98
ord260
ord49
PathCombineA
PathGetArgsW
ord347
ord366
ord121
ord43
ord362
SHRegDuplicateHKey
ord551
ord195
ord197
ord61
ord91
ord53
ord312
StrRetToBufW
ord279
ord479
StrPBrkW
ord113
SHCreateStreamOnFileW
PathCompactPathExW
ord338
ord142
ord182
ord428
ord132
ord355
SHSkipJunction
ord269
ord342
AssocQueryKeyW
PathIsContentTypeW
UrlEscapeW
ord316
PathCanonicalizeW
UrlCreateFromPathW
ord206
ord242
ord243
ord167
ord189
ord188
ord520
ord505
ord507
ord506
ord101
ord93
ord280
ord10
ord9
ord8
ord278
ord105
ord439
StrToIntExA
UrlUnescapeA
ord477
SHRegEnumUSValueW
UrlApplySchemeW
ord462
UrlIsNoHistoryW
StrCSpnW
StrSpnW
ord85
ord367
ord368
ord214
ord310
PathRemoveExtensionA
HashData
UrlUnescapeW
ord496
ord266
ord223
ord222
ord423
ord353
ord319
PathIsURLA
PathRemoveBackslashW
ord375
ord458
ord434
PathCreateFromUrlA
ord357
PathIsFileSpecW
PathIsDirectoryW
PathIsUNCW
SHAutoComplete
ord145
ord480
ord311
ord563
StrFormatKBSizeW
ChrCmpIW
ord229
ord560
SHRegGetValueW
ord157
StrRetToStrW
ord540
PathGetDriveNumberW
ord289
ord267
ord268
ord534
ord1
ord335
ord219
PathFindExtensionW
PathFindFileNameW
ord55
ord315
ord102
ord314
ord37
ord304
ord48
ord131
ord56
ord136
ord141
ord94
ord156
ord161
ord437
ord241
SHCreateShellPalette
ord239
ord461
ord309
SHSetValueW
SHGetValueW
StrCmpIW
ord68
ord95
ord340
ord418
ord549
ord276
ord406
ord416
ord398
ord414
ord107
ord378
ord431
ord215
StrFormatByteSizeW
PathIsUNCServerShareW
PathStripToRootW
ord59
AssocGetPerceivedType
ord352

gdi32

DeleteObject
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SetPaletteEntries
GetPaletteEntries
RealizePalette
SelectPalette
GetStockObject
CreatePalette
SetBkColor
SetBkMode
SetTextColor
SelectObject
GetTextExtentPointW
IntersectClipRect
CreateDCA
CloseEnhMetaFile
CreateEnhMetaFileA
LineTo
MoveToEx
Rectangle
StretchBlt
CreateCompatibleDC
BitBlt
GetTextCharset
CreateCompatibleBitmap
GetTextExtentPoint32W
RestoreDC

user32

PtInRect
UnionRect
ReleaseDC
GetDC
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
BeginPaint
IsChild
GetFocus
IsWindow
DestroyAcceleratorTable
GetKeyState
InvalidateRect
wsprintfW
SetFocus
GetParent
EndDialog
GetWindowLongA
IsWindowEnabled
SetCursor
SetForegroundWindow
SetRect
IsWindowVisible
GetLastActivePopup
GetCapture
GetMenuItemCount
TranslateMessage
ChildWindowFromPointEx
ScreenToClient
GetDlgCtrlID
IsDlgButtonChecked
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetSubMenu
CheckDlgButton
CheckRadioButton
EnableWindow
GetDlgItem
GetDesktopWindow
RemoveMenu
GetMenuState
CreateMenu
MessageBeep
InflateRect
MoveWindow
PostQuitMessage
MapWindowPoints
WaitMessage
GetAsyncKeyState
GetSystemMenu
CreatePopupMenu
SetParent
GetWindow
AdjustWindowRect
GetSysColor
GetNextDlgTabItem
CheckMenuRadioItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MsgWaitForMultipleObjects
IsIconic
SetWindowPlacement
GetWindowPlacement
DdeCreateDataHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeFreeStringHandle
DdeUninitialize
DdeNameService
GetForegroundWindow
DdeFreeDataHandle
DdeGetData
CharLowerBuffA
RegisterWindowMessageA
CharNextA
GetActiveWindow
EnumWindows
ChildWindowFromPoint
SetMenuDefaultItem
GetMenuDefaultItem
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
ChangeClipboardChain
SetClipboardViewer
CopyRect
IsRectEmpty
UpdateWindow
GetMessagePos
GetDoubleClickTime
SetRectEmpty
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowLongA
SendMessageTimeoutA
LoadMenuA
LoadMenuW
InsertMenuA
InsertMenuW
DrawFocusRect
ShowWindowAsync
GetShellWindow
ReleaseCapture
SetCapture
GetWindowDC
TrackMouseEvent
GetCursorPos
CharNextW
RegisterClipboardFormatW
DrawTextExW
SendMessageW
SetWindowTextW
SetTimer
GetSysColorBrush
FillRect
GetWindowRect
RedrawWindow
DestroyWindow
GetClientRect
AdjustWindowRectEx
SetWindowPos
KillTimer
ShowWindow
DestroyIcon
LoadStringA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA

crypt32

CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose

cryptui

CryptUIDlgViewSignerInfoW

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 855KB - Virtual size: 855KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 904KB - Virtual size: 903KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网易126邮箱批量注册V1.0/使用说明.txt
网易126邮箱批量注册V1.0/网易126邮箱批量注册V1.0.exe
.exe windows:4 windows x86 arch:x86

21fd5d7577d026b7fb0086081f0e7ff0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
ord593
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
ord527
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d6677bd38343051a2b410e44d28157e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shlwapi

gdi32

user32

advapi32

crypt32

cryptui

Exports

Exports

Sections

.text Size: 855KB - Virtual size: 855KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 904KB - Virtual size: 903KB

.reloc Size: 43KB - Virtual size: 43KB

21fd5d7577d026b7fb0086081f0e7ff0

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 855KB - Virtual size: 855KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 904KB - Virtual size: 903KB

.reloc
Size: 43KB - Virtual size: 43KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB