3c91c3f5751bc86d6d006dc74c2ca6f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c91c3f5751bc86d6d006dc74c2ca6f5_JaffaCakes118
Size

1.2MB
MD5

3c91c3f5751bc86d6d006dc74c2ca6f5
SHA1

157a83e41b30c1f9c2feda4ee780c94942751794
SHA256

adc3456e886f607787c017d8faa905c9e1a1ef6a8118156509929758c4c3b116
SHA512

5c977bc0addabf118b9657874064acf999d820361ad33b1266c1351093a0b58836802415e56032b9d462a9df6c7c220475f393cba6ba31dff6f6a6c6d01b6795
SSDEEP

24576:i0ZQDxErFytCN1oyQDUSs7A2nlK3NuNsEEKsUwM4V7FlMz4+3omL:3a8F1N1oyMUDlgSsJU8V7Fl2omL

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2.0宝宝挂/rxbb.dll
unpack001/2.0宝宝挂/rxdbb.dll
unpack001/2.0宝宝挂/热血宝宝.exe

Files

3c91c3f5751bc86d6d006dc74c2ca6f5_JaffaCakes118
.rar
2.0宝宝挂/Map/1001.jpg
.jpg
2.0宝宝挂/Map/101.jpg
.jpg
2.0宝宝挂/Map/1101.jpg
.jpg
2.0宝宝挂/Map/1201.jpg
.jpg
2.0宝宝挂/Map/1301.jpg
.jpg
2.0宝宝挂/Map/1401.jpg
.jpg
2.0宝宝挂/Map/1501.jpg
.jpg
2.0宝宝挂/Map/1601.jpg
.jpg
2.0宝宝挂/Map/1701.jpg
.jpg
2.0宝宝挂/Map/1801.jpg
.jpg
2.0宝宝挂/Map/1901.jpg
.jpg
2.0宝宝挂/Map/2001.jpg
.jpg
2.0宝宝挂/Map/201.jpg
.jpg
2.0宝宝挂/Map/2101.jpg
.jpg
2.0宝宝挂/Map/2201.jpg
.jpg
2.0宝宝挂/Map/301.jpg
.jpg
2.0宝宝挂/Map/401.jpg
.jpg
2.0宝宝挂/Map/402.jpg
.jpg
2.0宝宝挂/Map/403.jpg
.jpg
2.0宝宝挂/Map/5001.jpg
.jpg
2.0宝宝挂/Map/501.jpg
.jpg
2.0宝宝挂/Map/502.jpg
.jpg
2.0宝宝挂/Map/503.jpg
.jpg
2.0宝宝挂/Map/5501.jpg
.jpg
2.0宝宝挂/Map/601.jpg
.jpg
2.0宝宝挂/Map/701.jpg
.jpg
2.0宝宝挂/Map/801.jpg
.jpg
2.0宝宝挂/Map/901.jpg
.jpg
2.0宝宝挂/ntems.dat
2.0宝宝挂/rxbb.dll
.dll windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

hook
hqjb

Sections

.text
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ecode
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2.0宝宝挂/rxdbb.dll
.dll windows:4 windows x86 arch:x86

ea59bd8d29379241800a0c6f7c1c5dc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader

kernel32

CreateMutexA
ReleaseMutex
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
ExitThread
HeapSize
GetACP
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetEnvironmentVariableW
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetStdHandle
SuspendThread
SetThreadPriority
ResumeThread
GetCurrentThread
lstrcmpA
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpynA
SetLastError
SetCommTimeouts
SetCommMask
GetCommState
SetCommState
WriteFile
ReadFile
PurgeComm
WaitCommEvent
ClearCommError
GetLastError
WaitForMultipleObjects
GetOverlappedResult
GetCommModemStatus
SetEvent
GetProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateEventA
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapAlloc
WaitForSingleObject
GetProcessHeap
FindResourceA
LoadResource
LockResource
CreateThread
DeleteFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
Sleep
MulDiv
OpenFile
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapDestroy

user32

LoadStringA
UnregisterClassA
GetDesktopWindow
GetClassNameA
CharUpperA
EndDialog
CreateDialogIndirectParamA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
CopyAcceleratorTableA
PostQuitMessage
GetSystemMenu
DeleteMenu
WindowFromPoint
LoadIconA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
GetMessageA
SetRectEmpty
RegisterClipboardFormatA
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
SetCursor
InvertRect
TrackPopupMenu
SetForegroundWindow
ValidateRect
LockWindowUpdate
MessageBeep
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
WaitForInputIdle
SetCursorPos
SetMenu
SetFocus
PeekMessageA
IsIconic
SetActiveWindow
DestroyMenu
SetWindowPos
GetActiveWindow
GetTopWindow
GetWindow
DestroyAcceleratorTable
DestroyCursor
SetWindowRgn
ScreenToClient
ChildWindowFromPointEx
PostMessageA
WinHelpA
KillTimer
SetTimer
GetScrollRange
SetScrollRange
SetScrollPos
SetParent
IsWindowVisible
GetWindowLongA
SetWindowLongA
TranslateMessage
DispatchMessageA
UpdateWindow
GetDC
ReleaseDC
EnumDisplaySettingsA
LoadImageA
MessageBoxA
LoadBitmapA
GetKeyState
DestroyIcon
IsChild
IsRectEmpty
GetFocus
IntersectRect
EqualRect
GetMenu
GetSubMenu
EnableMenuItem
IsZoomed
GetSysColorBrush
AdjustWindowRect
LoadCursorA
GetCapture
ClientToScreen
wsprintfA
GetDlgCtrlID
InvalidateRect
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
ScrollDC

gdi32

GetSystemPaletteEntries
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetClipBox
SetTextColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
GetBkMode
SelectPalette
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
RoundRect
FillRgn
GetCurrentObject
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
GetDIBits
CreateDIBSection
SetPixel
ExtCreateRegion
CreateRectRgnIndirect
CreateDCA
StartDocA
GetPixel
SetPixelV
LPtoDP
GetObjectA
GetDeviceCaps
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Pie
Chord
Arc
Polygon
EndDoc
Rectangle
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
PatBlt
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
GetTextColor

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
PrintDlgA
CommDlgExtendedError
ChooseColorA

winspool.drv

SetFormA
AddFormA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
EnumFormsA
GetFormA
DeleteFormA

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageA

ole32

OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID

olepro32

ord252
ord253

oleaut32

VarDateFromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
UnRegisterTypeLi
SysAllocString
VariantCopyInd
VariantInit
VariantChangeType
VariantClear
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

ws2_32

closesocket
WSAAsyncSelect
htons
bind
htonl
socket
setsockopt
sendto
recvfrom
select
gethostbyname
inet_ntoa
inet_addr
gethostbyaddr
gethostname
WSACleanup
WSAStartup
send
ioctlsocket
connect
recv
listen
getpeername
accept

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 772KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.0宝宝挂/热血宝宝.exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2.0宝宝挂/脚本/本地挂机.txt

Sharing

General

Malware Config

Signatures

Files

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 844B

.rdata Size: 512B - Virtual size: 404B

.data Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 120B

.ecode Size: 629KB - Virtual size: 629KB

.edata Size: 512B - Virtual size: 72B

ea59bd8d29379241800a0c6f7c1c5dc6

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 772KB - Virtual size: 769KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 68KB - Virtual size: 130KB

.rsrc Size: 60KB - Virtual size: 57KB

.reloc Size: 68KB - Virtual size: 66KB

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 1024B - Virtual size: 556B

.rdata Size: 512B - Virtual size: 404B

.ecode Size: 72KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 844B

.rdata
Size: 512B - Virtual size: 404B

.data
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 120B

.ecode
Size: 629KB - Virtual size: 629KB

.edata
Size: 512B - Virtual size: 72B

.text
Size: 772KB - Virtual size: 769KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 68KB - Virtual size: 130KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 68KB - Virtual size: 66KB

.text
Size: 1024B - Virtual size: 556B

.rdata
Size: 512B - Virtual size: 404B

.ecode
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 3KB