ed2785ff1c6733fc624ec5a161e7c91c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ed2785ff1c6733fc624ec5a161e7c91c_JaffaCakes118
Size

638KB
MD5

ed2785ff1c6733fc624ec5a161e7c91c
SHA1

dad0549b4afe4307b750e2d7e52ce9a08c80c624
SHA256

620f2753e07e6e397c659f256250d70413dff90567100060d44a53587268c9e1
SHA512

7a7d8976f40191227ab88aa031b7d746d818428aea45adb7c9a163ad152b58407c19443d99327eb84764ff8a67ed9fb18f5b7628b7c87945c9c1ec173f219c03
SSDEEP

12288:4ZUwmctdZ1FPkrcXqtfRvzE2t+/iQsRSnvTHRMTA6gPmeuzdhTXYs:46wrZUrIqtfRvY23aXHmzjYs

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/hitool.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7z.dll
unpack001/hitool.exe
unpack001/un7z.dll

Files

ed2785ff1c6733fc624ec5a161e7c91c_JaffaCakes118
.rar
7z.dll
.dll windows:4 windows x86 arch:x86

72d1bfee97be4b38dd210f2f3a581d01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharPrevExA
CharPrevA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
memcmp
_purecall
memcpy
memmove
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
DeleteCriticalSection
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
hitool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 284KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
un7z.dll
.exe windows:4 windows x86 arch:x86

e43fea0ad23b7fdf76bdb96485e5313a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
SetDlgItemTextA
GetDlgItem
SendMessageA
SetWindowTextW
EndDialog
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
SetTimer
SendMessageW
LoadStringW
LoadStringA
CharPrevA
CharUpperW
CharUpperA
PostMessageA
CheckRadioButton
IsWindowEnabled
SetWindowTextA
IsDlgButtonChecked
ShowWindow
CheckDlgButton
MessageBoxW
MessageBoxA
wsprintfA
KillTimer

advapi32

RegDeleteValueW
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

shell32

SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17

ole32

CoInitialize
CoUninitialize

comdlg32

GetOpenFileNameA
GetOpenFileNameW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_iob
memcpy
free
malloc
wcslen
memcmp
_purecall
memmove
_CxxThrowException
__CxxFrameHandler
_isatty
_fileno

kernel32

SetPriorityClass
GetDriveTypeA
FileTimeToDosDateTime
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
GetStdHandle
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
GetModuleHandleW
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
GetProcessTimes
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
InitializeCriticalSection
GetStartupInfoA
lstrlenA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SearchPathW
SetEndOfFile
lstrcatA
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
MoveFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileA
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
CloseHandle
GetWindowsDirectoryW
GetWindowsDirectoryA
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
LoadLibraryA
LoadLibraryExA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
DeleteCriticalSection
GetCommandLineW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetFullPathNameA

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

72d1bfee97be4b38dd210f2f3a581d01

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 42KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

CODE Size: 284KB - Virtual size: 720KB

DATA Size: 4KB - Virtual size: 12KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 33KB - Virtual size: 128KB

.aspack Size: 32KB - Virtual size: 36KB

.adata Size: - Virtual size: 4KB

e43fea0ad23b7fdf76bdb96485e5313a

Headers

File Characteristics

Imports

user32

advapi32

oleaut32

shell32

comctl32

ole32

comdlg32

msvcrt

kernel32

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 42KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 21KB - Virtual size: 21KB

CODE
Size: 284KB - Virtual size: 720KB

DATA
Size: 4KB - Virtual size: 12KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 33KB - Virtual size: 128KB

.aspack
Size: 32KB - Virtual size: 36KB

.adata
Size: - Virtual size: 4KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 18KB - Virtual size: 17KB