276bf4ff768acdd22b4968e48ff50c6c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

276bf4ff768acdd22b4968e48ff50c6c_JaffaCakes118
Size

188KB
MD5

276bf4ff768acdd22b4968e48ff50c6c
SHA1

79826e1aae31a90ba24cbe4fedd8d070f5146e08
SHA256

79c26d94094a725f31874344f51b8f2d5ff33fadb4eabb43e2441c84466efd9f
SHA512

ef525c7b3318e9e625bb214c1d1f0e54e5aa1b0c22abcd4e32c6a312363e1e6a7c4cef462831e22e7ad9490592cfc4ff9f87d42dc2610cc82c200ce1955db568
SSDEEP

3072:2iqi6D34CUdNn9OhY2/RNvLGxEELguDQm0+Ch9i10fguhkyra7RfSU+uOvLtbn:2y6DoBN9OhY2/R1G3guDqi10Y63rQN+H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
276bf4ff768acdd22b4968e48ff50c6c_JaffaCakes118

Files

276bf4ff768acdd22b4968e48ff50c6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b6bcbacd59976ae3a0688b7101816121

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\code\TenioDL_MiniDown_Fix\src\GameDownloader\newui\GameDown\bin\QQGameDown.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
GetSystemTimeAsFileTime
FindFirstFileW
GetTickCount
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
CloseHandle
GetCurrentThread
GlobalFree
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
GlobalLock
GlobalUnlock
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetModuleFileNameW
InterlockedExchange
GetVersionExW
GetFileAttributesW
GetCommandLineW
CreateMutexW
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleW
GetLocalTime
ExpandEnvironmentStringsW
GetCurrentThreadId

user32

DefWindowProcW
RegisterClassExW
SetCursor
GetWindowLongW
IntersectRect
CreateWindowExW
InvalidateRect
GetWindowDC
GetCapture
ReleaseDC
SetCapture
ScreenToClient
ReleaseCapture
InflateRect
OffsetRect
ClientToScreen
GetDC
RedrawWindow
GetActiveWindow
SetWindowRgn
IsZoomed
WindowFromPoint
EndDialog
CreateDialogParamW
DialogBoxParamW
EnumThreadWindows
GetParent
DrawFocusRect
MapWindowPoints
SystemParametersInfoW
GetWindow
CallNextHookEx
IsIconic
ShowWindow
LoadCursorW
TranslateMessage
UnhookWindowsHookEx
FindWindowExW
SetWindowsHookExW
GetClassInfoW
IsWindowVisible
DrawTextW
GetMessageW
SetRect
GetWindowTextW
GetMenuState
GetSystemMenu
DrawIconEx
GetSystemMetrics
GetClassInfoExW
GetClassNameW
LoadImageW
PostQuitMessage
GetWindowRect
DrawAnimatedRects
EnumChildWindows
MessageBoxW
PostMessageW
DestroyWindow
IsWindow
FlashWindow
SetWindowPos
CallWindowProcW
SetWindowTextW
RegisterWindowMessageW
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItem
SendDlgItemMessageW
EndPaint
GetClientRect
BeginPaint
EnableWindow
IsDlgButtonChecked
GetDlgItemInt
SetTimer
KillTimer
LoadIconW
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
PtInRect
SetWindowLongW
DrawIcon
FindWindowA
SendMessageTimeoutW
SendMessageW
UpdateWindow
BringWindowToTop
SetForegroundWindow
FindWindowW
DispatchMessageW

gdi32

CreateSolidBrush
SetBkMode
SetTextColor
GetStockObject
GetTextExtentPoint32W
SelectObject
LineTo
CreatePen
MoveToEx
RoundRect
SelectClipRgn
CreateRectRgnIndirect
ExtTextOutW
SetBkColor
Rectangle
DeleteDC
BitBlt
CreateCompatibleDC
StretchBlt
CreateCompatibleBitmap
GetClipBox
CreateDIBSection
ExcludeClipRect
CreateRectRgn
CreateRoundRectRgn
CombineRgn
CreateFontIndirectW
DeleteObject

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
AccessCheck
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoFreeLibrary
CoLoadLibrary

oleaut32

SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringLen
SafeArrayAccessData

msvcp80

?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
wcsncpy
_wcsicmp
toupper
wcschr
_wcsdup
printf
fread
sprintf
??_V@YAXPAX@Z
wcstok
wcsrchr
__argc
__wargv
memcpy
malloc
free
_snwprintf
_vsnwprintf
_vsnprintf
fopen
_snprintf
fwrite
fflush
fclose
strrchr
_splitpath
strncat
strncpy
memmove_s
??2@YAPAXI@Z
vsprintf_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_purecall
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
tolower
??3@YAXPAX@Z
_invalid_parameter_noinfo
memset
__CxxFrameHandler3
_invoke_watson

gdiplus

GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipDrawString
GdipDrawImageRectRectI
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6bcbacd59976ae3a0688b7101816121

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

gdiplus

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 6KB

.tls Size: 4KB - Virtual size: 13B

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 6KB

.tls
Size: 4KB - Virtual size: 13B

.rsrc
Size: 4KB - Virtual size: 1KB