24e006d47718bb831d0f513244dfb33e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24e006d47718bb831d0f513244dfb33e_JaffaCakes118
Size

430KB
MD5

24e006d47718bb831d0f513244dfb33e
SHA1

111bb5e547e117a5da2a6c29d2e4bab284d403b2
SHA256

86b340b36df5e87f69c7fd032bc614fd69538c405a001886c8a3b6e7ef7a9edd
SHA512

4086ab93383470f24172ceb45d58eab9de3f1e3405cbc96d3e0fd2c8dd498f89c969b43caff5a791f84494f6c374bb5f94490cda52e3a118d4f5a6ed7dacfbc5
SSDEEP

6144:Ul4Y9yBMPMhZWZ6vfhY0QQoH3Fu5SQ+WFODB8eLpNMWQXb9DzR8URZmfWWkxCGOf:Wp9n41vfhSFXvNMVXbIURZgWWiQmw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/天正建筑2013注册机.exe

Files

24e006d47718bb831d0f513244dfb33e_JaffaCakes118
.rar
使用说明.htm
.html
使用说明.txt
天正建筑2013注册机.exe
.exe windows:4 windows x86 arch:x86

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\APPS\temp\GMUnpacker\ReleaseGMUnpacker.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
FreeResource
FindResourceW
LoadResource
LockResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SizeofResource
InterlockedDecrement
MulDiv
InterlockedIncrement
ResumeThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetCurrentThreadId
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
VirtualAlloc
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetTickCount
DeleteFileW
GetFullPathNameW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
SetFileAttributesW
GetTempFileNameW
GetFileAttributesW
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
WriteFile
SetEndOfFile
GetLastError
SetFileTime
SetFilePointer
GetEnvironmentVariableW
lstrcmpW
GetModuleHandleW
GetModuleFileNameW
WinExec
CreateEventW
ResetEvent
SetEvent
Sleep
CreateProcessW
FreeLibrary
LoadLibraryW
CloseHandle
CreateFileA
GetProcAddress

user32

HideCaret
CreateCaret
SetCaretPos
RedrawWindow
ClientToScreen
ShowCaret
OffsetRect
InvalidateRgn
MoveWindow
DestroyAcceleratorTable
SetWindowLongW
GetWindowLongW
CreateAcceleratorTableW
GetDesktopWindow
KillTimer
LoadIconW
MonitorFromWindow
PostQuitMessage
CharPrevW
DrawIconEx
FillRect
DrawTextW
TrackMouseEvent
GetAsyncKeyState
LoadBitmapW
GetMonitorInfoW
SetTimer
SendMessageW
GetClassNameW
ShowWindow
EnumThreadWindows
PostMessageW
LoadStringW
GetParent
SetWindowPos
DestroyWindow
InvalidateRect
GetFocus
ReleaseCapture
GetCursorPos
UpdateLayeredWindow
GetUpdateRect
SetWindowRgn
GetDC
IsChild
SetCapture
ScreenToClient
ReleaseDC
EndPaint
GetKeyState
BeginPaint
IntersectRect
PtInRect
IsRectEmpty
CharNextW
SetCursor
GetClassInfoExW
RegisterClassW
EnableWindow
SetPropW
DispatchMessageW
TranslateMessage
DestroyIcon
IsWindow
GetMessageW
LoadCursorW
CreateWindowExW
RegisterClassExW
GetPropW
SetFocus
IsIconic
LoadImageW
CallWindowProcW
DefWindowProcW
CharNextA
SetForegroundWindow
GetWindow
MapWindowPoints
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
IsZoomed
SystemParametersInfoW
GetWindowRect
GetClientRect
GetActiveWindow
GetSysColor

gdi32

CreateRectRgnIndirect
CreateRoundRectRgn
GetStockObject
CreateRectRgn
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
CreateDIBSection
DeleteDC
CreatePen
SelectObject
BitBlt
StretchBlt
Rectangle
DeleteObject
GetTextMetricsW
CombineRgn
TextOutW
SetBitmapBits
SelectClipRgn
SetTextColor
GetBitmapBits
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
RoundRect
GetCharABCWidthsW
SetBkMode
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

riched20

ord4

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
小游戏.url
.url

Sharing

General

Malware Config

Signatures

Files

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

riched20

comctl32

msimg32

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 81KB