2b0d52805a914b67f9d23799e17a05c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b0d52805a914b67f9d23799e17a05c7_JaffaCakes118
Size

412KB
MD5

2b0d52805a914b67f9d23799e17a05c7
SHA1

0e8d753ab01ae1fa08f62b33a67e4e11b478d357
SHA256

7d7efdf199732ad2cf8ec6ce232088f5ecfaa83f8dbe7f7c42bb8d0ed52a4590
SHA512

80cf5be0143ebae8af61d7f2725742609f4b94172bbaea5e97318d69862ca9fa226fc489cae1f01be4bc9c7d3d076c1c11b813d571224c98f3422c2292b939bd
SSDEEP

6144:3qM1DWB5dUd3RqLnhZmc6e/5j7w6ZbUgPVcS++8mVtXY53ma3xx0AKg53fkXQruy:3qM1DWfuRqLnhZmc6GVcTcVtXYOMsXQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b0d52805a914b67f9d23799e17a05c7_JaffaCakes118

Files

2b0d52805a914b67f9d23799e17a05c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95229395e0ae1d3c7474f1322d0eec30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\JinZQ\源代码-工作欢熊\工作源代码\pcGame\ClientGame\release\pcStartClient.pdb

Imports

winmm

timeGetTime

kernel32

GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetSystemTimeAsFileTime
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TlsGetValue
RaiseException
HeapSize
SetStdHandle
GetFileType
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetStdHandle
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFlags
GetFileTime
GetThreadLocale
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GlobalAddAtomA
FreeResource
GlobalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
SetLastError
FindClose
GetFileAttributesA
SetFilePointer
GetFileSize
ReadFile
GlobalUnlock
WriteFile
GlobalLock
CreateFileA
GetCurrentThreadId
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
WinExec
lstrlenA
lstrcatA
lstrcpyA
CreateThread
GetModuleHandleA
VirtualFree
TerminateProcess
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
CopyFileA
DeleteFileA
GetSystemDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
WaitForSingleObject
CloseHandle
GetLastError
CreateMutexA
CreateProcessA
MoveFileExA
GetModuleFileNameA
Sleep
GetTickCount
GetCurrentProcessId
RtlUnwind
CreateFileW

user32

RegisterClipboardFormatA
PostThreadMessageA
IsRectEmpty
CopyAcceleratorTableA
ReleaseCapture
LoadCursorA
SetCapture
CharNextA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
SetWindowPlacement
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowTextA
SetFocus
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
UnregisterClassA
EndDialog
SetWindowContextHelpId
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
ScreenToClient
SetRect
GetParent
MapDialogRect
PostQuitMessage
PostMessageA
SendDlgItemMessageA
SetWindowPos
UpdateWindow
SetWindowsHookExA
SetTimer
FindWindowA
CallNextHookEx
UnhookWindowsHookEx
CharUpperA
InvalidateRect
GetWindowRect
IsWindow
ReleaseDC
GetDC
GetWindow
IsWindowVisible
GetTopWindow
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
AppendMenuA
GetSystemMenu
LoadIconA
ShowWindow

gdi32

GetStockObject
GetWindowExtEx
GetDeviceCaps
GetBkColor
DeleteDC
CreateRectRgnIndirect
GetMapMode
GetViewportExtEx
DeleteObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetTextColor
GetObjectA
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
CreateBitmap
GetRgnBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CoCreateInstance
CoUninitialize
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

inet_addr
socket
gethostbyname
WSAStartup
inet_ntoa
getprotobyname
htons
connect
send
WSACleanup
recv
setsockopt
gethostname
closesocket

wininet

InternetCanonicalizeUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetGetConnectedState
InternetReadFile
InternetCrackUrlA

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95229395e0ae1d3c7474f1322d0eec30

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

ws2_32

wininet

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 24KB - Virtual size: 21KB