3fa012fd08cb6f82d2f47444f14bbc73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fa012fd08cb6f82d2f47444f14bbc73_JaffaCakes118
Size

183KB
MD5

3fa012fd08cb6f82d2f47444f14bbc73
SHA1

aaca84d4e22f351bd312af5cd437560b3c7b5d2c
SHA256

50c8a7d6ecaf3043574f77b7b0e1e35a1d33ebad271154a732270e184a61a04c
SHA512

5cfd90c077186c14f0446fb1833926b526f72479dc793f3296700a2c0d2d6256f1c780d20a58f2a0cf578c2cc2f0b23f30144917d25c3071c86426be92fdff97
SSDEEP

3072:vM7Q75zPeMH69cPqRdfl7tVMedzu+lP46l4lIE9kRdHabC01T7:vMclaMa9cPgVMyh5l4lIEm/+Z57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tzfs-kyy.exe

Files

3fa012fd08cb6f82d2f47444f14bbc73_JaffaCakes118
.rar
IP.txt
MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tzfs-kyy.exe
.exe windows:4 windows x86 arch:x86

6d69e67dcd25c87ea9a9f48b432f58d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
__vbaI2Sgn
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaLateIdCall
ord695
__vbaStrVarMove
ord696
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord698
ord512
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
__vbaR8Sgn
ord516
__vbaVarFix
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord626
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
ord629
__vbaStrCat
__vbaError
ord660
__vbaInStrVarB
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord662
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaVarPow
ord593
__vbaVarForInit
__vbaExitProc
ord594
__vbaFileCloseAll
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
__vbaStrFixstr
ord520
__vbaBoolVar
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord631
__vbaVargVarMove
__vbaVarZero
__vbaVarCmpGt
ord632
__vbaChkstk
__vbaGosubFree
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaVarAbs
ord528
__vbaGenerateBoundsError
ord529
__vbaGet3
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner3
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord564
__vbaCastObjVar
__vbaLbound
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
ord567
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
ord710
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaGosub
__vbaI2Str
ord714
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
ord535
__vbaDateVar
ord536
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
ord570
__vbaInStr
__vbaVar2Vec
ord648
__vbaNew2
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
ord613
__vbaFpI2
__vbaVarTstGe
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
ord618
__vbaI2ErrVar
__vbaCastObj
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
ord619
__vbaR8IntI4
__vbaForEachVar
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 332KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 5KB - Virtual size: 4KB

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

6d69e67dcd25c87ea9a9f48b432f58d0

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 332KB - Virtual size: 328KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 332KB - Virtual size: 328KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB