42a013290e7d8b2c3573ffaa532cbc61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42a013290e7d8b2c3573ffaa532cbc61_JaffaCakes118
Size

2.3MB
MD5

42a013290e7d8b2c3573ffaa532cbc61
SHA1

051b661ccd178e0cb0b6927a4ae1ce685b56b0a3
SHA256

6fda512fadfeb100a1ecbd02cd9681506e0de61adb3d2e3589254702a79802b1
SHA512

d4378f0a8abff162b7485323c7b346866dba62d36cbb38f1e9e67128afcd42708ddf46676e59f5ed813c01064940f01e2bef775c86e8c0a50a79a520264b7178
SSDEEP

49152:tkB2jKeHU6QkZM7YGO0tlr1VfajUhP/isYs1MccHpbExrxAAn:tkBXeHciQpVN3uHpbMruY

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ侠物语小仔/侠物语助手v1.0.8/GameOver.dll
unpack001/QQ侠物语小仔/侠物语助手v1.0.8/Newtonsoft.Json.dll
unpack001/QQ侠物语小仔/侠物语助手v1.0.8/QQxwy.exe
unpack001/QQ侠物语小仔/侠物语助手v1.0.8/System.Core.dll
unpack001/QQ侠物语小仔/侠物语助手v1.0.8/Update.exe

Files

42a013290e7d8b2c3573ffaa532cbc61_JaffaCakes118
.rar
QQ侠物语小仔/下载说明.txt
QQ侠物语小仔/使用说明.txt
QQ侠物语小仔/侠物语助手v1.0.8/GameOver.dll
.dll windows:5 windows x86 arch:x86

93e5912f361fc9ddcb313759a22f0558

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharNextA

advapi32

RegEnumValueA

oleaut32

SysFreeString

ole32

CLSIDFromProgID

ntdll

ZwShutdownSystem

shell32

ShellExecuteA

Exports

Exports

IPC_AnswerServerStart
IPC_PubSet
IPC_Question
IPC_close
ks_CheckKeyE
ks_GetData
ks_GetMsg
ks_advapi
ks_apidatafree
ks_destr
ks_edit
ks_editK
ks_exit
ks_prepaid
ks_reguser
ks_setExtVal
ks_setKVal
ks_setSoftVal
ks_setUVal
ks_setUpVal
ks_unbind
ks_viewinfo

Sections

CODE
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.spdata0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.spdata1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ侠物语小仔/侠物语助手v1.0.8/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dev\Releases\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ侠物语小仔/侠物语助手v1.0.8/QQxwy.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ侠物语小仔/侠物语助手v1.0.8/System.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 636KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ侠物语小仔/侠物语助手v1.0.8/Update.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\网页游戏-2008\AppStart-2008\AppStart-2008\obj\Debug\Update.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ侠物语小仔/侠物语助手v1.0.8/update.xml
QQ侠物语小仔/侠物语助手v1.0.8/运行不了辅助工具的,请点击这里.html
.html .js polyglot
QQ侠物语小仔/在线购买外挂卡.url
.url
QQ侠物语小仔/外挂论坛交流社区.url
.url
QQ侠物语小仔/查看最新版本.url
.url
QQ侠物语小仔/破解补丁.reg

Sharing

General

Malware Config

Signatures

Files

93e5912f361fc9ddcb313759a22f0558

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ole32

ntdll

shell32

Exports

Exports

Sections

CODE Size: - Virtual size: 145KB

DATA Size: - Virtual size: 3KB

BSS Size: - Virtual size: 13KB

.idata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 524B

.spdata0 Size: - Virtual size: 1.6MB

.spdata1 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 512B - Virtual size: 312B

.rsrc Size: 2KB - Virtual size: 7KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 377KB - Virtual size: 377KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 658KB - Virtual size: 657KB

.sdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 636KB - Virtual size: 632KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 137KB - Virtual size: 137KB

.reloc Size: 512B - Virtual size: 12B

CODE
Size: - Virtual size: 145KB

DATA
Size: - Virtual size: 3KB

BSS
Size: - Virtual size: 13KB

.idata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 524B

.spdata0
Size: - Virtual size: 1.6MB

.spdata1
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 512B - Virtual size: 312B

.rsrc
Size: 2KB - Virtual size: 7KB

.text
Size: 377KB - Virtual size: 377KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 658KB - Virtual size: 657KB

.sdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 636KB - Virtual size: 632KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 137KB - Virtual size: 137KB

.reloc
Size: 512B - Virtual size: 12B