fab4c4b1d9c0fe7b0b2785808a3e00f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fab4c4b1d9c0fe7b0b2785808a3e00f8_JaffaCakes118
Size

535KB
MD5

fab4c4b1d9c0fe7b0b2785808a3e00f8
SHA1

afecad4fd8034af4e0e5d4405cc496589bea1eee
SHA256

3d2765abb33c79858adaedae5034d40077bb0b44cd2ecf5b19dde1c14f2fe331
SHA512

59f19b98a31122d126d92e333a8a6c42dcc7bad41dff794855830dc1c9ec88306f52ce74ac035694a403b15fc761aac3f6f0cac0af56fd9f572fd4ed323ba5be
SSDEEP

12288:/nTmriFM9x9Au3DIXRiTLJCuNo2qn193pvj:7m+69pIXRyClnHpvj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/QQ餐厅小分队1.3.8/QQ餐厅小分队1.3.8.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ餐厅小分队1.3.8/QQ餐厅小分队1.3.8.exe

Files

fab4c4b1d9c0fe7b0b2785808a3e00f8_JaffaCakes118
.rar
QQ餐厅小分队1.3.8/QQ餐厅小分队1.3.8.exe
.exe windows:5 windows x86 arch:x86

400cb536c59817e7c53cfbd896534a2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
GetStartupInfoW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetFileTime
GetFileSizeEx
FindFirstFileW
lstrlenA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
RaiseException
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedDecrement
GetCurrentProcessId
GetModuleFileNameW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
GetModuleHandleA
FormatMessageW
LocalFree
MulDiv
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
lstrlenW
FreeResource
Sleep
SetFileTime
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
WriteFile
CreateFileW
SetFilePointer
GetModuleFileNameA
ReadFile
CloseHandle
CreateFileA
FindClose
FindFirstFileA
ExitProcess
TerminateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
GetCurrentProcess
WideCharToMultiByte
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetLastError
FindResourceW
LoadResource
LockResource
LCMapStringA
SizeofResource
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
EndDialog
FrameRect
DrawStateW
OffsetRect
CopyRect
TrackPopupMenuEx
GetSubMenu
GetActiveWindow
ClientToScreen
GetNextDlgTabItem
GetWindowLongW
DestroyMenu
DestroyCursor
wsprintfW
SetCapture
ReleaseCapture
WindowFromPoint
PtInRect
GetCursorPos
MapWindowPoints
TrackMouseEvent
SetCursor
ShowCursor
ReleaseDC
CreateIconIndirect
GetIconInfo
DrawIconEx
InflateRect
GetParent
FillRect
GetSysColorBrush
IsWindow
LoadImageW
LoadCursorW
GetSysColor
DestroyIcon
GrayStringW
DrawTextExW
RegisterClipboardFormatW
DrawTextW
TabbedTextOutW
EnableWindow
GetDC
MessageBeep
GetNextDlgGroupItem
PeekMessageW
PostMessageW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadMenuW
AppendMenuW
GetSystemMenu
LoadIconW
KillTimer
InvalidateRect
MessageBoxW
SetForegroundWindow
SetActiveWindow
SetTimer
IsChild
UnregisterClassW
CharUpperW
GetCapture
SetRect
IsRectEmpty
CopyAcceleratorTableW
GetWindowRect
SendMessageW
PostThreadMessageW
DrawFocusRect
SetWindowContextHelpId
MapDialogRect
WaitMessage
PostQuitMessage
GetWindowThreadProcessId
GetMessageW
TranslateMessage
ValidateRect
CharNextW
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetDlgItem
InvalidateRgn
MessageBoxW

gdi32

Rectangle
GetDIBits
SetDIBits
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetPixel
SetPixel
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetMapMode
LineTo
MoveToEx
CreatePen
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetMapMode
GetRgnBox
CreateFontW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBoundsRect
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
VariantClear
SysStringLen
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantChangeType
VariantInit

ws2_32

sendto
connect
WSASetLastError
WSAGetLastError
bind
select
socket
recvfrom
inet_addr
closesocket
WSACleanup
WSAStartup
gethostbyname
send
htonl
WSAAsyncSelect
htons
recv
ntohl
accept
inet_ntoa

gdiplus

GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageGraphicsContext

winmm

sndPlaySoundW

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetGetCookieW
InternetGetCookieExA
InternetReadFile
InternetOpenUrlW
InternetOpenW
DeleteUrlCacheEntryW
InternetCloseHandle

Exports

Exports

��yO�V�&�d�{k�+�S�_��R�]�/�w^��ј��C�)hف�^{T��!R-X��Vn�џ:ơ3��TϚ]��X��`՛��$�C�R�]y%sT�'��o��4`/IK�>B@m�Х�@(�qU#k��G�d��( K�v�+�9��B�9| ��Ȓqo��H��g�.��ԩ1��YR>Qo��PN��,Jg�B4�� h|��q��Y�8M�.Vv�XO�╞&�]�O�xj��%t �3��>�u��!c��X�X`��.�'��xܮI�ϐ��V��hS�[?n�ut�<Z|�:"��W'ұ��!V?��˴(�k Z�-��K��2_�x;�-�dR�_i�qY�&� ��m�Kg��R�y7�i��{�u�)��[��"+[ZR��e ��K��-x��_z!��؝�,>��A=]��,̻�*��pz�d�v��ٳ�j�l��s��쎉��<H�:��颻�)��ϧ{L��1�%��R�j��w�$W��0�AA��C��I��[��i1�D��T6ـy�{��ȩ�M��t;�8 �[�>��ӥv��* ��Ok��D��I�3S��V��<��v�'^2�!�7z��(ݸ+�'��B|�f��E�0k��R��$��{_̢��A��2��Lxk�ÑA>��5yI�lgZ�Չ��lJ�{�yl[%.��w>��C��䢹Tu�Y/�~3��B�TXM�\��2��دي�6+�m�\�򨟁�l�B�17Y�k��2��$�A7��S4ǡ�hr�H�Gݶ��W#��5� �U�FM��W��2�2[\&|�a��ў��r}�X+�o8l��\�C�`S�`1��Ġ��&��}R�h6t�{��.`��p�� D�T��6�r��?/"��n�8�p�,;S�͛B�bLT_J�;��S�g��g�eȖ�;��h�Mv�¶}F��~�_�"��q��\^�S��S^��g��(Z��"S54�I�~I��c0�}�|��Q��Њ��Z��HRbZf,�2ax�B��8:?�~��U��i�qg4S� ��i�Y�誹��n6��1҅��X(��~p��{�"˝�� l�Qћ��E0�b��c֫��ܑI�l��9yj}��`sj��F��823ڑǴB��܈��_m��&�A�4l��F�`�P,Q�Y�FĞ��/v�.Eߙ��ͷ[�#Z�I,�B n7��xcZ��=� �ͱ��b�{#� �㷍%_�Ux�ج�Un�Fv��"06�H\E��_W�%�&؍R��qO�L�?�w}�eh�f�,Q؈��.��m��/�a�8�$jN�H�E��m~#Xf�P؁�]��G��=��Z}G��y�A��vË��>A�щ��{��b� |�ݲMK��g��0!�ky��K�Y�h�� `�~OK�BO�+��4��M�n}��2�@�a�dA��pb�h w��Yvi�4J��x�!��t�A�NH�p٤��Y�X1X�e�uMs�S��'��e UGSI��(�W��l]p�q��9T)D�-I��rf�U�12�K�}�+�(��*e)�P��R�(��S�Y*5�w2Z9t�� 9��D��]�u<U��rx�1��kٚ�,�V��ѷk�>�{�)�8��<��&��*�#l��V$�nE��r�O�𺲹.c��Ľ��љ��1�$"ë|��4�G�.hK�$[na�h��ŵBd)\�_��:� I��}��O��C'�|Y��T�:��/< �dnW�5)r7}(��@�w�a�uS�/�0&��"F;��|#D^l¼��.�^e,zsz�D=)*`X�7��E�YX�)8�F��L�t˅�j?��N�o��sb?[0� �NG��j$'��ws�Ehœ��)��߮��e>��3��d�B��M�4t�Q��QO��i��D� UC��0�A8! �p?�1�5�8�S�x��0'R��Ih�q�3`1*��yj0 �&$�l'P0i�]�mb��J��Z��d�X��X�$+��G��u~�CZ�5��Q&^E��K0�L�|�e�^��P'��#�}g��9��\�� 92�Nrk0��I�&��Jڙx�d�_\��R��wr�;��=�M�Е�N�� p�̬�t�JShM��];�H0r,R�4n��B!�z� k*Wb��j7A^��z��z��F��"iz�T��O��%�t�ɷwI�(�`�'%�<�CC�H3av�>j&�aW��PT�S��+\XL��D��f�@��}��N� ��>�� gȧ��j�M4��Va3��f�<�(9x?{�ӽW_�K3,�b=��l�鵻j��,��+&s2�B*FF x�"�]M��DVG�K�0�� !c��r��.��:�$q (J��=��>jU��trUaZő��|f+�=�1q��2WO˷��8� ݌� :��(�d��sш ��)�y�Q��NB�:��#��2ƕ�ojfxw�+,b޾�k�L�q&d\�. {s�Nb�� f-۫ ,( .� �O>�F"�ɢ��FX�,lD��L�*H�%�mln,y��M ~��Y6L��[GP�N��̿��׽�A"/�*ו��F��A��c�(�� \DR�o��,�A��k�)r�σ:�/N=�~�N2x�g �'IGۿ9w�u��iN9ơ�+# ��vkѡ�UF�\�*��.�5��!J��Bx��б!��\w�T��hK䝀;%�y-A��]9fӹ|�|�+I1�5�|YRH�)mA��)q��j[�3�$��K�$�� %�Ƚ,i�7��

Sections

.text
Size: - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ餐厅小分队1.3.8/config.xml
.xml
QQ餐厅小分队1.3.8/data.xml
.xml
QQ餐厅小分队1.3.8/免责声明.txt
QQ餐厅小分队1.3.8/说明.txt

Sharing

General

Malware Config

Signatures

Files

400cb536c59817e7c53cfbd896534a2a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

gdiplus

winmm

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 561KB

.rdata Size: - Virtual size: 119KB

.data Size: - Virtual size: 30KB

.rsrc Size: 46KB - Virtual size: 65KB

.vmp0 Size: - Virtual size: 56KB

.vmp1 Size: - Virtual size: 34KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 454KB - Virtual size: 454KB

.reloc Size: 512B - Virtual size: 368B

.text
Size: - Virtual size: 561KB

.rdata
Size: - Virtual size: 119KB

.data
Size: - Virtual size: 30KB

.rsrc
Size: 46KB - Virtual size: 65KB

.vmp0
Size: - Virtual size: 56KB

.vmp1
Size: - Virtual size: 34KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 454KB - Virtual size: 454KB

.reloc
Size: 512B - Virtual size: 368B