fafdf57b9ce8c3abdb1bc70480e3994e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fafdf57b9ce8c3abdb1bc70480e3994e_JaffaCakes118
Size

1.1MB
MD5

fafdf57b9ce8c3abdb1bc70480e3994e
SHA1

c21caf6e84e1288952de2fc829657a2f07243290
SHA256

7d6ecfadec52e3c5888a7db62fdbb7f9612980210eb38e587454b8d76458d8f2
SHA512

0ad096d37fb5922215535cf3f8d33a2d39cf8bf5b6dbf9c3d9b25c41fa7b50838435b63a8a92a41fc5929ada8920fd8659f3e9a5055acc156d3c71ab2a53dfe0
SSDEEP

24576:lYrCmbBXYx+mkWLpa5JKuFyMQoxGFYa3TCYFNYqezED+zWqyFJAyOExQadVt7:OJBXYx5kgpaCu0jimYa3TCLID+CqyFSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/免费SEO优化软件/AutoUpdate.exe
unpack001/免费SEO优化软件/BaiDu_SEO.Model.dll
unpack001/免费SEO优化软件/BaiDu_SEO.Xml.dll
unpack001/免费SEO优化软件/DevComponents.DotNetBar2.dll
unpack001/免费SEO优化软件/Uninstall.exe
unpack001/免费SEO优化软件/免费SEO优化软件.exe

Files

fafdf57b9ce8c3abdb1bc70480e3994e_JaffaCakes118
.rar
免费SEO优化软件/AutoUpdate.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BaiDuSeo\AutoUpdate\obj\Debug\AutoUpdate.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
免费SEO优化软件/BaiDu_SEO.Model.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BaiDuSeo\BaiDu_SEO.Model\obj\Debug\BaiDu_SEO.Model.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
免费SEO优化软件/BaiDu_SEO.Xml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BaiDuSeo\BaiBu_SEO.Xml\obj\Debug\BaiDu_SEO.Xml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
免费SEO优化软件/DevComponents.DotNetBar2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
免费SEO优化软件/Uninstall.exe
.exe windows:5 windows x86 arch:x86

33e4d131aa63d923416dd6ec0c1f766a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msiexec.pdb

Imports

msvcrt

_vsnwprintf
wcsrchr
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_vsnprintf

advapi32

SetSecurityDescriptorOwner
StartServiceCtrlDispatcherW
OpenThreadToken
RevertToSelf
GetTokenInformation
MakeAbsoluteSD
RegGetKeySecurity
GetSecurityDescriptorOwner
EqualSid
RegisterServiceCtrlHandlerW
SetServiceStatus
RegEnumKeyExW
CreateServiceW
OpenSCManagerW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
SetThreadToken
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
FreeSid
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW

kernel32

GetCurrentThread
CompareStringW
GetFileType
GetStdHandle
GetCommandLineW
ExitProcess
SetConsoleCtrlHandler
CreateThread
GetUserDefaultLangID
GetSystemDirectoryW
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoA
SetLastError
lstrlenW
lstrcmpiW
InterlockedExchange
GetLastError
CloseHandle
GetCurrentProcess
Sleep
GetVersionExW
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrcpynW
lstrcpynA
WideCharToMultiByte
OpenEventW
GlobalAlloc
GlobalFree
FreeLibrary
UnhandledExceptionFilter
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
lstrcmpW
FormatMessageA
GetSystemDefaultLangID
LoadLibraryExW
WriteFile
FormatMessageW
GetLocaleInfoW
GetACP
GetUserDefaultUILanguage
SetCurrentDirectoryW
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
OpenProcess
CreateEventW

user32

PostQuitMessage
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageW
IsCharAlphaNumericW
PostThreadMessageW
MsgWaitForMultipleObjects

ntdll

NtQueryInformationProcess

ole32

CoUninitialize
StgOpenStorage
CoInitialize
CoRevokeClassObject
CoRegisterClassObject

msi

ord197
ord280
ord190
ord70
ord141
ord199
ord88
ord131
ord184
ord175
ord240
ord222
ord196
ord169
ord78
ord148
ord136
ord8
ord228

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
免费SEO优化软件/Xml/Config.xml
.xml
免费SEO优化软件/Xml/LL.xml
.xml
免费SEO优化软件/Xml/XG.xml
.xml
免费SEO优化软件/Xml/XL.xml
.xml
免费SEO优化软件/softInfo.ini
免费SEO优化软件/使用说明.txt
免费SEO优化软件/免费SEO优化软件.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BaiDuSeo\BaiDu_SEO\obj\Debug\互利多SEO全能优化软件.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
免费SEO优化软件/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

33e4d131aa63d923416dd6ec0c1f766a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

ntdll

ole32

msi

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 7KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 6KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.0MB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 7KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.0MB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 12B