3a1be1a575edd75eeea6721a15fa5062_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a1be1a575edd75eeea6721a15fa5062_JaffaCakes118
Size

2.6MB
MD5

3a1be1a575edd75eeea6721a15fa5062
SHA1

179d16011638ed87a11e876d7709ec813392b5d2
SHA256

d5d67c3b5fcbc745d8068fa71780f94c90394fcf7f181dc6d98bdb3ca75c2aa9
SHA512

2fa53de33fef0fb0a97df7c16cb677cf730b5fc28b132b7b0b09adb1af47d502c1219c4629918c02eafce7d5f0559c950d5acfe2491cd6241ea9567a2196fd54
SSDEEP

49152:JWI8dS//QXJWiFVMDVOA45i9iUMe0Jigl7MIoFcrczkh:JT8dSAZWQ2DVOA4U9u0wMV+rczkh

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hdQQqfq/CheckVer1.dll
unpack001/hdQQqfq/GetInfo.dll
unpack001/hdQQqfq/QS2013.exe

Files

3a1be1a575edd75eeea6721a15fa5062_JaffaCakes118
.rar
hdQQqfq/CheckVer1.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CloseUser

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hdQQqfq/Desklog.dll
hdQQqfq/GetInfo.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetID

Sections

CODE
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hdQQqfq/Log.dat
hdQQqfq/OneMsg-1.txt
hdQQqfq/QS2013.exe
.exe windows:5 windows x86 arch:x86

6c81cd28aebf69535c2bc314d2e209e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
GetCommandLineA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
MapViewOfFile
ReadFile
ReadProcessMemory
ResumeThread
RtlMoveMemory
SetEnvironmentVariableA
CreateProcessA
Sleep
TerminateProcess
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
WritePrivateProfileStringA
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
CreateFileMappingA
CreateFileA
FindClose
FindFirstFileA
FlushFileBuffers
WriteFile
RtlZeroMemory
GetVersionExA
SetCurrentDirectoryA
CloseHandle
SizeofResource

shell32

ShellExecuteA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 498B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hdQQqfq/images/12.jpg
.jpg
hdQQqfq/images/14.jpg
.jpg
hdQQqfq/images/15.jpg
.jpg
hdQQqfq/images/17.jpg
.jpg
hdQQqfq/images/19.jpg
.jpg
hdQQqfq/images/2.jpg
.jpg
hdQQqfq/images/20.jpg
.jpg
hdQQqfq/images/21.jpg
.jpg
hdQQqfq/images/22.jpg
.jpg
hdQQqfq/images/23.jpg
.jpg
hdQQqfq/images/24.jpg
.jpg
hdQQqfq/images/27.jpg
.jpg
hdQQqfq/images/28.jpg
.jpg
hdQQqfq/images/30.jpg
.jpg
hdQQqfq/images/31.jpg
.jpg
hdQQqfq/images/33.jpg
.jpg
hdQQqfq/images/38.jpg
.jpg
hdQQqfq/images/39.jpg
.jpg
hdQQqfq/images/49.jpg
.jpg
hdQQqfq/images/50.jpg
.jpg
hdQQqfq/images/51.jpg
.jpg
hdQQqfq/images/52.jpg
.jpg
hdQQqfq/images/53.jpg
.jpg
hdQQqfq/images/54.jpg
.jpg
hdQQqfq/images/56.jpg
.jpg
hdQQqfq/images/57.jpg
.jpg
hdQQqfq/images/59.jpg
.jpg
hdQQqfq/images/6.jpg
.jpg
hdQQqfq/images/64.jpg
.jpg
hdQQqfq/images/66.jpg
.jpg
hdQQqfq/images/69.jpg
.jpg
hdQQqfq/images/7.jpg
.jpg
hdQQqfq/images/70.jpg
.jpg
hdQQqfq/images/74.jpg
.jpg
hdQQqfq/images/75.jpg
.jpg
hdQQqfq/images/76.jpg
.jpg
hdQQqfq/images/8.jpg
.jpg
hdQQqfq/images/9.jpg
.jpg
hdQQqfq/images/90.jpg
.jpg
hdQQqfq/images/91.jpg
.jpg
hdQQqfq/images/92.jpg
.jpg
hdQQqfq/images/93.jpg
.jpg
hdQQqfq/images/94.jpg
.jpg
hdQQqfq/option.ini
hdQQqfq/wenhouyu.txt
hdQQqfq/使用说明/发多个qq.jpg
.jpg
hdQQqfq/使用说明/发好友 - 步骤1.jpg
.jpg
hdQQqfq/使用说明/发好友 - 步骤2.jpg
.jpg
hdQQqfq/使用说明/发好友 - 步骤3.jpg
.jpg
hdQQqfq/使用说明/发好友 - 步骤4.jpg
.jpg
hdQQqfq/使用说明/发群 - 步骤1.jpg
.jpg
hdQQqfq/使用说明/发群 - 步骤2.jpg
.jpg
hdQQqfq/使用说明/发群 - 步骤3.jpg
.jpg
hdQQqfq/使用说明/发群 - 步骤4.jpg
.jpg
hdQQqfq/使用说明/发群成员 - 步骤3.jpg
.jpg
hdQQqfq/使用说明/取消合并窗口.jpg
.jpg
hdQQqfq/使用说明/多内容1.jpg
.jpg
hdQQqfq/使用说明/多内容2.jpg
.jpg
hdQQqfq/使用说明/多内容3.jpg
.jpg
hdQQqfq/使用说明/定时发送.jpg
.jpg
hdQQqfq/使用说明/定时发送好友.jpg
.jpg
hdQQqfq/使用说明/定时发送群.jpg
.jpg
hdQQqfq/使用说明/插入图片1.jpg
.jpg
hdQQqfq/使用说明/插入图片2.jpg
.jpg
hdQQqfq/使用说明/插入图片3.jpg
.jpg
hdQQqfq/使用说明/插入文件1.jpg
.jpg
hdQQqfq/使用说明/插入文件2.jpg
.jpg
hdQQqfq/使用说明/插入文件3.jpg
.jpg
hdQQqfq/使用说明/插入文件4.jpg
.jpg
hdQQqfq/使用说明/插入离线文件.jpg
.jpg
hdQQqfq/使用说明/插入离线文件2.jpg
.jpg
hdQQqfq/使用说明/改字体.jpg
.jpg
hdQQqfq/使用说明/改字体2.jpg
.jpg
hdQQqfq/使用说明/禁止发送名单.jpg
.jpg
hdQQqfq/提示.wav
hdQQqfq/河源下载站-cngr.cn.url
.url
hdQQqfq/淘宝热卖.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 29KB - Virtual size: 28KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 73B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 29KB - Virtual size: 29KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 68B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

6c81cd28aebf69535c2bc314d2e209e8

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

advapi32

comdlg32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 498B

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 29KB - Virtual size: 29KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 68B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 498B