ce98bdb3100bb0cfebab7acd9ddf65df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ce98bdb3100bb0cfebab7acd9ddf65df_JaffaCakes118
Size

129KB
MD5

ce98bdb3100bb0cfebab7acd9ddf65df
SHA1

a9d655165c13709a8fa51e135cf077de86001249
SHA256

d5876c89a7d99cc3eb08ee8e66bdea907ffe83ebcaa9eeaecd70d705fe29add6
SHA512

1d890cc157a529744125d5f3e255dcb61b7faaa16069eb255c7e3e57636f7f9977ef630209e98f6c355e92065a66e5b4639129c27e9ac394d083314d0e52ee7b
SSDEEP

3072:80Yc99JkD3zKkmBcEUcvb9GfkysKTZUNAHsllOG6IAqyRA4x3FhHkM:80FkD3zKbBlUob9hKTZU8qyBx1hHkM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Pain ESP v1.3B/Pain ESP.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Pain ESP v1.3B/Pain ESP.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pain ESP v1.3B/Pain ESP.dll
unpack002/out.upx
unpack001/Pain ESP v1.3B/Pain ESP.exe

Files

ce98bdb3100bb0cfebab7acd9ddf65df_JaffaCakes118
.rar
Pain ESP v1.3B/Hack.ini
Pain ESP v1.3B/Pain ESP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateInterface

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pain ESP v1.3B/Pain ESP.exe
.exe windows:4 windows x86 arch:x86

614fdceecb55f0f19cc0fbbc2b758841

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
CloseHandle
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetLastError
DeleteFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
SetFilePointer
SetConsoleCtrlHandler
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
FlushFileBuffers

user32

DialogBoxParamA
EndDialog
ShowWindow
MessageBoxA
LoadIconA

shell32

Shell_NotifyIconA

urlmon

URLDownloadToFileA

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pain ESP v1.3B/info.txt
Pain ESP v1.3B/readme.txt
Pain ESP v1.3B/Инструкция.txt
readme.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 44KB - Virtual size: 44KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 21KB

.reloc Size: 8KB - Virtual size: 6KB

614fdceecb55f0f19cc0fbbc2b758841

Headers

File Characteristics

Imports

kernel32

user32

shell32

urlmon

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 128KB - Virtual size: 126KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 44KB - Virtual size: 44KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 21KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 128KB - Virtual size: 126KB

.reloc
Size: 4KB - Virtual size: 3KB