015742c1d92a0d373aa9e8f7a21ef234_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

015742c1d92a0d373aa9e8f7a21ef234_JaffaCakes118
Size

233KB
MD5

015742c1d92a0d373aa9e8f7a21ef234
SHA1

ff8329a34d15e3bc14d6d58f4ca83ef36b71ba31
SHA256

e68c0aa6ecd4429fcf369a241660f6e8fb9375126cfe20ed081ad5f78adc9b11
SHA512

940b62d313b25feba34fd8dcd2b9b5d864f6d1b93c4b3f60e71122bf6b62a65de0b61890422b3ec255dbd1dedee55f4ccf90ab1d2c31829aedcdd2504645182b
SSDEEP

3072:znZvr69mm79c9kOBoQJQ6pGWFmLued/qO/7iT/ZtqxEw:zZvpiaWOBZJFgWFmCe54T/Zt3w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
015742c1d92a0d373aa9e8f7a21ef234_JaffaCakes118

Files

015742c1d92a0d373aa9e8f7a21ef234_JaffaCakes118
.exe windows:4 windows x86 arch:x86

697936579d4396cc7d7d0b877d430b4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\TempView\QQ1.83\Output\BinFinal\QQ.pdb

Imports

comctl32

InitCommonControlsEx

common

??0CFmtString@@QAE@XZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??0CTXStringW@@QAE@PA_W@Z
??1CFmtString@@QAE@XZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXBSTR@@QAE@PB_W@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?SetIdleCallback@TXTimer@@YAHPAUITXIdleCallback@@I@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
?GetLength@CTXStringW@@QBEHXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
ord25
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
?NotifyIdle@Window@Util@@YAJXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?Stop@TXBugMonitor@@YAHXZ
??1CTXStringW@@QAE@XZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
??0CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?OnExitWinMain@Misc@Util@@YAXXZ
?CheckVistaAndStartSelfMediumLevel@Sys@Util@@YAHXZ
?NotifyIdle@TXTimer@@YAXXZ
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?MinimzeMemory@Sys@Util@@YAXXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?Resolve@HostResolve@Util@@YAJPA_WPAUITXHostResolverSink@@PAK@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?GetSession@TXLog@@YAKXZ
?GetLCID@NLS@@YAKXZ
?SetLogFileMd5Dir@TXBugReport@@YAHPB_W00@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??BCTXBSTR@@QBEPA_WXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?OnUninitCom@Misc@Util@@YAXXZ
??ICTXBSTR@@QAEPAPA_WXZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Find@CTXStringW@@QBEH_WH@Z
??1CTXBSTR@@QAE@XZ
?Find@CTXStringW@@QBEHPB_WH@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXBSTR@@QAE@XZ
?TrimLeft@CTXStringW@@QAEAAV1@XZ

kernelutil

?GetGlobalSysDir@Sys@Util@@YA?AVCTXStringW@@XZ
?Init@Version@@YAHXZ
?GetMajorVer@Version@@YAEXZ
?GetMinorVer@Version@@YAEXZ
?GetUserDataSaveSetting@Sys@Util@@YA?AVCTXStringW@@AAKAAV3@@Z
?GetProgramRootDir@Sys@Util@@YA?AVCTXStringW@@XZ
?GetVersionExW@Version@@YAXAAUtagVersionInfo@1@@Z
?GetPubNo@Version@@YAKXZ

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

afutil

?GetEnablePreload@Misc@Util@@YAHXZ
?SetPerfReportDataForWord@PerfDataReportUtil@@YAXPA_WKH@Z
?SetEnablePreload@Misc@Util@@YAXH@Z
?GetMultiLoginInfo@MultiLogin@Util@@YAHPAVCTXStringW@@PAK1@Z
?MarkFinishedLogin@MultiLogin@Util@@YAXH@Z
?GetSSOLoginInfo@SSOLogin@Util@@YAHPAVCTXStringW@@@Z
?SetPerfReportDataForBool@PerfDataReportUtil@@YAXPA_WH@Z
?SetFirstStartQQ@Misc@Util@@YAXH@Z

appmisc

?DecodeSCBootParam@ShortcutUtil@@YAJVCTXStringW@@@Z

apputil

?IsNeedRestore@TXUpdateCfg@@YAHXZ
?GetInstallDir@Dir@Util@@YA?AVCTXStringW@@XZ

kernel32

InterlockedExchange
InterlockedCompareExchange
GetModuleHandleW
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateEventW
WriteProcessMemory
SetThreadPriority
GetCurrentThread
Sleep
InterlockedDecrement
QueryPerformanceCounter
GetDriveTypeW
GetModuleFileNameW
OpenMutexW
CreateMutexW
WaitForSingleObject
OpenProcess
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
GetProcessTimes
GetSystemTimeAsFileTime
GetProcAddress
GetFileAttributesW
GetVersionExW
FreeLibrary
DeleteFileW
CreateProcessW
MoveFileExW
MoveFileW
CloseHandle
GetCommandLineW
OpenEventW
SetEvent
GetLastError
CreateThread
GetSystemInfo
QueryPerformanceFrequency
GetEnvironmentVariableW
GlobalMemoryStatus
SetEnvironmentVariableW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
UnhandledExceptionFilter

user32

MessageBoxW
WaitMessage
TranslateMessage
DispatchMessageW
PostThreadMessageW
PeekMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize
OleInitialize

atl80

ord64
ord30
ord32

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_except_handler4_common
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
__argc
_time64
??0exception@std@@QAE@ABQBD@Z
__wargv
wcsncmp
_wtoi
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_CxxThrowException
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

hfwlu
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

697936579d4396cc7d7d0b877d430b4c

Headers

File Characteristics

PDB Paths

Imports

comctl32

common

kernelutil

gf

afutil

appmisc

apputil

kernel32

user32

advapi32

ole32

atl80

msvcp80

msvcr80

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 68KB - Virtual size: 65KB

hfwlu Size: 8KB - Virtual size: 4KB

Size: 88KB - Virtual size: 88KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 68KB - Virtual size: 65KB

hfwlu
Size: 8KB - Virtual size: 4KB