fb90559ce270794032714bddf0407bcb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb90559ce270794032714bddf0407bcb_JaffaCakes118
Size

4.4MB
MD5

fb90559ce270794032714bddf0407bcb
SHA1

e91318a9d74cd89134d612f3a82f4c7d09abc61e
SHA256

b2f5f902703cd330f1ca3ed2e131eec2288e327a3977759e24a5fd8efedb4bca
SHA512

fbef5f42372e37daa7e32ac1ee5b73914ba710c5626ffec0ab81de7677ab4e64e4f6c09faaacc4969bb75a9c8b4af908441f583b4e60dc010bf9a82df4954bde
SSDEEP

98304:OEG9+I1vlW0sGN9pzJJkuwsCE5VLk+EYdPqo83J1GDFC9u5JV:rG00nFzJJkJEjLqouJUFpX

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/小孩桌面便签/DesktopNotes.exe
unpack001/小孩桌面便签/NotesTemplate.exe

Files

fb90559ce270794032714bddf0407bcb_JaffaCakes118
.rar
小孩桌面便签/DesktopNotes.exe
.exe windows:4 windows x86 arch:x86

85470cc2e6a1eb00c6abf431f3e4e626

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
Sleep
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFilePointer
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
GetLocalTime
GetFileAttributesW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
OpenEventW
CreateEventW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
RaiseException
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
MulDiv
GetOEMCP

user32

GetSysColor
FrameRect
ReleaseCapture
AdjustWindowRectEx
UnregisterClassA
PtInRect
CopyRect
InvalidateRect
ReleaseDC
GetDC
SetWindowLongW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DestroyWindow
CreateDialogParamW
DefWindowProcW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
GetDlgCtrlID
SetCapture
GetMenu
GetCapture
FillRect
IsWindowEnabled
UpdateWindow
LoadBitmapW
SetWindowRgn
DrawTextW
SetLayeredWindowAttributes
SetFocus
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CallWindowProcW
CreateWindowExW
RegisterClassExW
EndPaint
GetWindowLongW
UpdateLayeredWindow
TrackMouseEvent
SetCursor
OffsetRect
SetRect
IsRectEmpty
LoadCursorW
GetClassInfoExW
IsWindow
MessageBoxW
IsWindowVisible
GetWindowDC
ScreenToClient
ClientToScreen
SendMessageW
RemoveMenu
GetMenuItemCount
EnableMenuItem
CheckMenuItem
CreateMenu
LoadImageW
IsDialogMessageW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostQuitMessage
GetSystemMetrics
GetParent
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
KillTimer
SetTimer
GetWindowRect
PostMessageW
BeginPaint

gdi32

SetStretchBltMode
CreateCompatibleBitmap
GetPixel
CreateSolidBrush
SetBkColor
ExtTextOutW
CreatePen
DeleteDC
CreatePatternBrush
CreateCompatibleDC
SelectClipPath
EndPath
BeginPath
Rectangle
LineTo
MoveToEx
SetBkMode
RestoreDC
SaveDC
CreateDIBSection
GetDeviceCaps
DPtoLP
GetTextMetricsW
SelectObject
SetTextColor
TextOutW
CreateFontIndirectW
DeleteObject
GetObjectW
StretchBlt
EnumFontFamiliesExW
RoundRect
SetPixel
BitBlt
CreateRoundRectRgn

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrCmp
SysFreeString
SysAllocStringLen
SysAllocString

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize
_TrackMouseEvent
ImageList_AddMasked

msimg32

GradientFill

gdiplus

GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRect
GdipReleaseDC
GdipCreateFromHDC
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown

winmm

sndPlaySoundW

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 588KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
小孩桌面便签/NotesTemplate.exe
.exe windows:4 windows x86 arch:x86

066f9bf0487c0dfebd2398737de3a1f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
InitializeCriticalSection
GetEnvironmentStrings
DeleteCriticalSection
GetConsoleMode
GetConsoleCP
GetOEMCP
GetCPInfo
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapCreate
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
CreateFileW
GetFileSize
ReadFile
WideCharToMultiByte
FindResourceExW
LockResource
OpenEventW
CreateEventW
CloseHandle
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
FreeEnvironmentStringsA
lstrcmpiW
GetVersionExA
GetModuleFileNameW
GetLocalTime
GetVersionExW
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
MulDiv
FreeEnvironmentStringsW
RaiseException

user32

GetParent
SetWindowPos
MapWindowPoints
UnregisterClassA
GetWindowLongW
GetSystemMetrics
GetDC
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
CreateWindowExW
GetWindowTextW
ClientToScreen
UpdateWindow
InvalidateRect
SetTimer
KillTimer
IsWindowEnabled
IsWindow
SetWindowLongW
PtInRect
SendMessageW
FillRect
DrawTextW
ScreenToClient
GetCursorPos
GetCapture
OffsetRect
GetWindowTextLengthW
TrackMouseEvent
TrackPopupMenu
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
SetFocus
IsWindowVisible
SetWindowTextW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
DrawIconEx
CreateDialogParamW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
GetActiveWindow
DefWindowProcW
LoadImageW
LoadBitmapW
GetScrollPos
PostQuitMessage
SetCursor
InflateRect
SetRect
MessageBoxW
GetUpdateRect
SetLayeredWindowAttributes
RegisterClassExW
GetKeyState
LoadCursorW
GetClassInfoExW
ShowWindow
MoveWindow
FrameRect
EndPaint
BeginPaint
ReleaseCapture
CallWindowProcW
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
GetMenu
DestroyWindow
ReleaseDC

gdi32

LineTo
MoveToEx
CreateDIBSection
CreateSolidBrush
SetBkColor
ExtTextOutW
GetDeviceCaps
DPtoLP
GetObjectW
CreateFontIndirectW
DeleteDC
SetTextColor
SetBkMode
DeleteObject
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC
CreatePatternBrush
BitBlt
SetStretchBltMode
CreatePen

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VariantClear
VarUI4FromStr
SysFreeString
VarBstrCmp
SysAllocStringLen
SysAllocString

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize

msimg32

AlphaBlend

gdiplus

GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDrawImageRectI
GdipReleaseDC
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageFlags
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
小孩桌面便签/config.xml
.xml
小孩桌面便签/res/1.WAV
小孩桌面便签/res/20101120204944218.png
.png
小孩桌面便签/res/20101120205044718.png
.png
小孩桌面便签/res/20101120205114218.png
.png
小孩桌面便签/res/20101120205144906.png
.png
小孩桌面便签/res/20101120205242250.png
.png
小孩桌面便签/res/20101120205319531.png
.png
小孩桌面便签/res/20101120205343671.png
.png
小孩桌面便签/res/20101121221330531.png
.png
小孩桌面便签/res/20101121221433437.png
.png
小孩桌面便签/res/2010112122156234.png
.png
小孩桌面便签/res/2010112122162656.png
.png
小孩桌面便签/res/notes1.png
.png
小孩桌面便签/res/notes2.png
.png
小孩桌面便签/res/notes3.png
.png
小孩桌面便签/res/notes4.png
.png
小孩桌面便签/res/notes5.png
.png
小孩桌面便签/res/notes6.png
.png
小孩桌面便签/res/notes7.png
.png
小孩桌面便签/template.xml
.xml
小孩桌面便签/使用说明.txt

Sharing

General

Malware Config

Signatures

Files

85470cc2e6a1eb00c6abf431f3e4e626

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

winmm

Sections

.text Size: 216KB - Virtual size: 212KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 588KB - Virtual size: 585KB

066f9bf0487c0dfebd2398737de3a1f4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 344KB - Virtual size: 340KB

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 588KB - Virtual size: 585KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 344KB - Virtual size: 340KB