07ee4d8cd52121054d0dacef6d7e8e2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07ee4d8cd52121054d0dacef6d7e8e2a_JaffaCakes118
Size

1.1MB
MD5

07ee4d8cd52121054d0dacef6d7e8e2a
SHA1

748cb2e71ccb9669145f62c63e1bd53d64710cd9
SHA256

7d454d01ea9ebcb54cccb1b03eb9f561e47f183331bb3662fa091c89b2fbd65c
SHA512

7ddf0227573612feb3b6d5e8a697a93fe94047f05559016f5c896be74cdefa16b617b00ad6e2a25a40284ddc03b5c5a97fe4314f9ce4f73d5fc829c8e361a1c0
SSDEEP

12288:/VZlmU3aBIea+cSwkAsGQ5bZrxR/RZ8BnPPA97dPE5E4MpEmp4bSdbjejx5jtn97:/BqiFLpjtn7alVuNIkl46B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07ee4d8cd52121054d0dacef6d7e8e2a_JaffaCakes118

Files

07ee4d8cd52121054d0dacef6d7e8e2a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

459b50e5de1c4941ff94aa6c5df0b202

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DevStream\QQ1.56_PaiPaiBlueBar\Basic_Hummer3_VOB\Hummer2010\Output\Bin\CustomFace.pdb

Imports

xgraphic32

GeoRectangleEx
CreateCanvas
CanvasToTexture
DrawTexture
GetTextureHandle
DeleteTexture
FillSolidRect
GetCanvasHandle

common

?PropertyStr@CFmtString@@QAEHPB_W0@Z
??0CFmtString@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?GetTXDataStr@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXStringW@@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXBSTR@@QAE@ABV0@@Z
??1CTXFileDialog@@QAE@XZ
?Left@CTXStringW@@QBE?AV1@H@Z
?GetFileTitleW@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetFileName@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetNextPathName@CTXFileDialog@@QBE?AVCTXStringW@@AAPAU__POSITION@@@Z
?GetStartPosition@CTXFileDialog@@QBEPAU__POSITION@@XZ
?DoModal@CTXFileDialog@@QAEHXZ
??0CTXFileDialog@@QAE@HPB_W00K0PAUHWND__@@HPAVVFileDialgCallback@@@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??8CTXBSTR@@QBE_NABV0@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
??8@YA_NPB_WABVCTXBSTR@@@Z
?IsFileSystemFile@FS@@YAHPB_W@Z
?Find@CTXStringW@@QBEH_WH@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
?DeleteDirectory@FS@@YAHPB_W@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
?GetFileHash@FS@Util@@YAHPB_WAAVCTXBuffer@@AAK@Z
??9CTXBSTR@@QBE_NABV0@@Z
?GetConfigFieldData@ModuleConfig@@YAJPB_W0PAPAUITXDataRead@@@Z
?Length@CTXBSTR@@QBEIXZ
??8@YA_NABVCTXStringW@@0@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetLCID@NLS@@YAKXZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
ord34
?Compare@CTXStringW@@QBEHPB_W@Z
??1CxFile@@UAE@XZ
??_7CxFile@@6B@
??9@YA_NABVCTXStringW@@0@Z
??1CxImage@@UAE@XZ
?IsValid@CxImage@@QBE_NXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?Destroy@CxImage@@QAE_NXZ
?Save@CxImage@@QAE_NPAVCxTXFile@@K@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
??0CxImage@@QAE@K@Z
?Load@CxImage@@QAE_NPAVCxFile@@K@Z
?IsFileExist@FS@@YAHPB_W@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@PAK_N@Z
?PropertyLong@CFmtString@@QAEHPB_WJ0@Z
??M@YA_NABVCTXStringW@@0@Z
?GetLength@CTXStringW@@QBEHXZ
?AllocSysString@CTXStringW@@QBEPA_WXZ
?GetFileExt@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetFileFullName@CTXFileDialog@@QBE?AVCTXStringW@@XZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?GetFileSuffix@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?GuidToString@Com@Util@@YAJABU_GUID@@PAPA_WH@Z
??1CxImageGIF@@UAE@XZ
?Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z
?SetDisposalMethod@CxImageGIF@@QAEXH@Z
?SetLoops@CxImageGIF@@QAEXH@Z
?SetComment@CxImageGIF@@QAEXPBD@Z
??0CxImageGIF@@QAE@XZ
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?GetFrameDelay@CxImage@@QBEKXZ
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?LoadGif@CxImageHelper@@YAPAVCxImage@@PAVCxFile@@AAH@Z
??0CTXBSTR@@QAE@H@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?GetHeight@CxImage@@QBEKXZ
?GetWidth@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetNumColors@CxImage@@QBEKXZ
?GetPaletteSize@CxImage@@QAEKXZ
?GetTransIndex@CxImage@@QBEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?CopyToHandle@CxImage@@QAEPAXXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?Load@CxImage@@QAE_NPB_WK@Z
??BCTXBSTR@@QBEPA_WXZ
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?ConvertXMLToTXData@Convert@Util@@YAHPA_WPAPA_WPAUITXData@@0@Z
?StopThread@CTXThreadModel@@QAEXK@Z
?CreateDirectoryW@FS@@YAHPB_W@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
??7CTXStringW@@QBE_NXZ
??1CTXThreadModel@@MAE@XZ
?StartThread@CTXThreadModel@@QAEHXZ
?EnableLowCpuPriority@CTXThreadModel@@IAEXH@Z
??0CTXThreadModel@@IAE@XZ
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?Copy@CTXBSTR@@QBEPA_WXZ
?FindFormat@CxImageHelper@@YAKPAVCxFile@@PAH@Z
?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?Trim@CTXStringW@@QAEAAV1@XZ
ord25
ord33
??9@YA_NABVCTXStringW@@PB_W@Z
??1CFmtString@@QAE@XZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?Record@Perf@Util@@YAJPB_WHH00@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??1CTXBSTR@@QAE@XZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0@Z
?RawInitGFElementByXtml@GF@Util@@YAJPA_WPAUIGFElement@@10@Z
?ScreenPoint2ClientPoint@GF@Util@@YAXPAUIGFFrame@@AAUtagPOINT@@@Z
?GetInterface@Metadata@Util@@YAJPAUITXData@@PA_WPAPAU3@@Z
?CreatexFile@GF@Util@@YAXPAPAVCxFile@@VCTXStringW@@K@Z
?FreeData@Metadata@Util@@YAJAAPA_W@Z
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAPA_W@Z
?GetBOOL@Metadata@Util@@YAJPAUITXData@@PA_WPAH@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

kernelutil

?GetSelfUin@Contact@Util@@YAKXZ
?OpenUrlInIM@URL@Util@@YAXABVCTXStringW@@W4URLMODIFYLEVEL@12@0@Z
?GetSignFmt@URL@Util@@YAXAAVCFmtString@@@Z
?IsFlagValid@Contact@Util@@YAHKK@Z

afutil

??0CSysDialog@@QAE@PAVVSysDialgCallback@@@Z
?MessageBoxW@Misc@Util@@YAHPAUIGFFrame@@VCTXStringW@@1H@Z
?SetPerfReportDataForWord@PerfDataReportUtil@@YAXPA_WKH@Z
?GetVipLevel@Self@Contact@Util@@YAHPAG@Z
?MessageBoxExW@Misc@Util@@YAHPAUIGFFrame@@PA_W1IPAUITXData@@PAPAU4@@Z
?ChooseColorEx@SysDialog@Util@@YAHPAUHWND__@@AAK@Z
??1CSysDialog@@UAE@XZ
?OptColor@CSysDialog@@QAEHPAUHWND__@@AAK@Z
?IsAppLocked@Misc@Util@@YAHXZ

kernel32

HeapSize
GetModuleHandleW
lstrcmpiW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetThreadLocale
SetThreadLocale
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
SetLastError
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
InterlockedIncrement
GetModuleFileNameW
lstrlenW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
GetCurrentProcess
FlushInstructionCache
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
GetProcAddress
HeapAlloc
VirtualAlloc
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection

user32

TranslateMessage
GetMessageW
UnregisterClassA
BringWindowToTop
CharNextW
SetForegroundWindow
GetParent
CreateWindowExW
IsWindow
RegisterClassExW
DispatchMessageW
OffsetRect
GetDC
GetWindowDC
EqualRect
SetWindowLongW
IsRectEmpty
PtInRect
SetRectEmpty
SendMessageW
GetSystemMetrics
LoadCursorW
PostQuitMessage
ScreenToClient
GetKeyState
CopyRect
GetCursorPos
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
UpdateWindow
UnionRect
ReleaseDC
DestroyWindow
GetClassInfoExW
DefWindowProcW
GetWindowLongW
CallWindowProcW
PostMessageW
PeekMessageW

gdi32

GetPaletteEntries
EnumFontFamiliesExW
GetObjectW
GetDIBits
BitBlt
CreatePalette
CreateDIBSection
SetDIBColorTable
GdiFlush
CreateCompatibleDC
SetBkColor
CreateCompatibleBitmap
DeleteDC
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
ExtTextOutW
GetDeviceCaps

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFileInfoW

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString

atl80

ord18
ord22
ord64
ord23
ord61
ord43
ord44
ord15
ord30
ord31
ord58
ord32

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

swprintf_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
calloc
_wtof
wcsncpy
_wtol
memcpy
_wtoi
memset
memmove_s
wcsncpy_s
wcscpy_s
malloc
memcpy_s
_recalloc
free
_purecall
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_time64
_invalid_parameter_noinfo
__CxxFrameHandler3
_CxxThrowException
??3@YAXPAX@Z
__clean_type_info_names_internal

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipFillRectangleI
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipGetDC
GdipReleaseDC
GdipDrawImageRectI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawString
GdipMeasureString
GdipCreateFont
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipFillEllipse
GdipDrawImage
GdipDrawImagePointRectI
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

459b50e5de1c4941ff94aa6c5df0b202

Headers

File Characteristics

PDB Paths

Imports

xgraphic32

common

gf

kernelutil

afutil

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

msvcr80

gdiplus

Exports

Exports

Sections

.text Size: 636KB - Virtual size: 633KB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 40KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 164KB - Virtual size: 160KB

.text
Size: 636KB - Virtual size: 633KB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 40KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 164KB - Virtual size: 160KB