0ae0ab1af376765d3e5efe93ececc2c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ae0ab1af376765d3e5efe93ececc2c6_JaffaCakes118
Size

990KB
MD5

0ae0ab1af376765d3e5efe93ececc2c6
SHA1

4a1623567326b75876a94464aeb6978111e8396d
SHA256

a817e42d018bc9ebd3976c132ccb7edb54705c636cd2d4c864e78ce45c839e64
SHA512

f3b3eed464506b80c7dcabf01be173dd7e9914b8df47d66de64c7520d32858c34f97a57bbd58923a7a0f561e7fcdf3794076f683ddb221f13ee807f4a687cf8b
SSDEEP

24576:p9uBkueNv8kO0GF/nugb1MLzAcfgm8Nxw8:p9uBkuSVJGF/uEmLzAcA28

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dnfwg/GameLink.dll
unpack001/dnfwg/WpeSpy.dll
unpack001/dnfwg/mydll.dll
unpack001/dnfwg/update/update.com
unpack001/dnfwg/小峰启动.exe

Files

0ae0ab1af376765d3e5efe93ececc2c6_JaffaCakes118
.rar
dnfwg/AccInfo.ini
dnfwg/CCProxy.ini
dnfwg/Config.ini
dnfwg/Easy2Game.exe.manifest
.xml
dnfwg/GameLink.dll
.dll windows:4 windows x86 arch:x86

30fbe81eba1519507d03cf0de3a222f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
WSASetEvent
WSCGetProviderPath
ntohs
WSAWaitForMultipleEvents
socket
connect
WSAGetLastError
WSACreateEvent
WSAEventSelect
send
recv
inet_addr
htons
getsockname
getpeername
WSCEnumProtocols

kernel32

CreateEventA
LocalAlloc
TlsAlloc
DeleteCriticalSection
GlobalUnlock
GlobalHandle
TlsFree
GlobalLock
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
lstrcmpA
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
SetLastError
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
FreeLibrary
GetProcessVersion
MulDiv
GlobalFlags
GetCurrentThread
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetACP
CreateThread
ExitThread
RaiseException
HeapSize
HeapReAlloc
ExitProcess
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
ResumeThread
SetEvent
GetCurrentProcessId
GetModuleFileNameW
GlobalAlloc
OutputDebugStringA
GlobalFree
GetVersionExA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SuspendThread
GetTickCount
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
LoadLibraryA
ExpandEnvironmentStringsA
InitializeCriticalSection
GetPrivateProfileStringW
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
lstrcpyA
FindClose
FindFirstFileA
GetVolumeInformationA
lstrcpynA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
WaitForSingleObject
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetThreadPriority

user32

GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
EnableWindow
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
LoadIconA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
GetDesktopWindow
PostQuitMessage
DestroyMenu
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
ShowOwnedPopups
SetCursor
InsertMenuA
DeleteMenu
GetMenuStringA
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetSystemMetrics
CharUpperA
wsprintfA
OemToCharA
CharToOemA
PostMessageA
GetActiveWindow
SendMessageA
GetClassLongA
ValidateRect

gdi32

PtVisible
CreateDIBPatternBrushPt
CreatePatternBrush
Escape
ExtTextOutA
TextOutA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA

shell32

DragAcceptFiles
SHGetFileInfoA

comctl32

ord17

Exports

Exports

EnableProxy
ProxyAll
ProxyType
SetDNS
SetGUID
SetGameID
SetHwnd
SetLog
SetProcType
SetProxyParms
SetProxyType
SetUserPass
WSPStartup
getVersion

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sharedat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnfwg/Language/Bulgarian.ini
dnfwg/Language/ChineseBig5.ini
dnfwg/Language/ChineseGB.chm
.chm
dnfwg/Language/ChineseGB.ini
dnfwg/Language/English.chm
.chm
dnfwg/Language/English.ini
dnfwg/Language/French.ini
dnfwg/Language/German.ini
dnfwg/Language/Italian.ini
dnfwg/Language/Portuguese.ini
dnfwg/Language/Romanian.ini
dnfwg/Language/Russian.ini
dnfwg/Language/Spanish.ini
dnfwg/Language/Swedish.ini
dnfwg/Language/help.chm
.chm
dnfwg/WpeSpy.dll
.dll windows:4 windows x86 arch:x86

c8bf43826d3943b2eea961ec88d9c3f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
InterlockedIncrement
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
VirtualProtect
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc

user32

RegisterWindowMessageA
IsWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
SendMessageA
DestroyWindow
UnregisterClassA
RegisterClassA
MessageBoxA
CreateWindowExA
GetMessageA

wsock32

ntohs
inet_addr
getpeername
getsockname
send

Exports

Exports

GetFilterState
SetClientHwnd
SetFilter
SetFilterState
SetLoggingActi
SetTargetPid

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WPEPRO_
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnfwg/data/Lang
dnfwg/data/ServerData
dnfwg/data/data.dat
dnfwg/data/data00
dnfwg/data/data01
dnfwg/data/data10
dnfwg/data/data11
dnfwg/data/data20
dnfwg/data/data30
dnfwg/data/data_bak
dnfwg/mydll.dll
.dll windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DLL�ӿ�

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ecode
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dnfwg/unins000.dat
dnfwg/update/update.com
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.Upack
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dnfwg/小峰启动.exe
.exe windows:4 windows x86 arch:x86

65ae5cf17140aeaf91e3e9911da0ee3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30fbe81eba1519507d03cf0de3a222f8

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 5.6MB

sharedat Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 28KB - Virtual size: 25KB

c8bf43826d3943b2eea961ec88d9c3f0

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 13KB

.WPEPRO_ Size: 120KB - Virtual size: 118KB

.reloc Size: 8KB - Virtual size: 5KB

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 808B

.rdata Size: 512B - Virtual size: 404B

.data Size: 512B - Virtual size: 20B

.reloc Size: 512B - Virtual size: 108B

.ecode Size: 148KB - Virtual size: 148KB

.edata Size: 512B - Virtual size: 64B

Headers

File Characteristics

Sections

.Upack Size: - Virtual size: 40KB

.rsrc Size: 12KB - Virtual size: 44KB

65ae5cf17140aeaf91e3e9911da0ee3e

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 15KB

.ecode Size: 112KB - Virtual size: 112KB

.rsrc Size: 100KB - Virtual size: 97KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 5.6MB

sharedat
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 13KB

.WPEPRO_
Size: 120KB - Virtual size: 118KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 1024B - Virtual size: 808B

.rdata
Size: 512B - Virtual size: 404B

.data
Size: 512B - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 108B

.ecode
Size: 148KB - Virtual size: 148KB

.edata
Size: 512B - Virtual size: 64B

.Upack
Size: - Virtual size: 40KB

.rsrc
Size: 12KB - Virtual size: 44KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 15KB

.ecode
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 100KB - Virtual size: 97KB