f21cc7638ca6e6e56a045c503083a294_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f21cc7638ca6e6e56a045c503083a294_JaffaCakes118
Size

4.4MB
MD5

f21cc7638ca6e6e56a045c503083a294
SHA1

08a638dd9b963b54b05bac444b8e3e5ae2e740f2
SHA256

a4b30ecbdd6490f6f92844351d8a51e80a997ca7138d01bbf5bef0467c5ba76b
SHA512

476fdf497d7d4243b0eba792a7f554859dbf716a900a9f7eb38c6e4dc5f2a4e85002c94e435aa5ddac912b9687342b452f68041de64a0fcf76101dc76c286ade
SSDEEP

98304:2eqhjUPjMS2i7TludiWvO/3WRwrIisB4q4vLWOsG2RuHA:2eWjSIdvv1RPnQWOsG2CA

Score

7^/10

aspackv2 themida

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/客户端/USkin.dll	aspack_v212_v242

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/客户端/客户端.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/客户端/客户端.exe
unpack001/服务端/服务端.exe
unpack001/管理端/管理端.exe

Files

f21cc7638ca6e6e56a045c503083a294_JaffaCakes118
.rar
客户端/Cyclops.u3
客户端/USkin.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

76:c5:1e:fd:f4:fc:19:d2:5a:45:7f:02:44:31:da:71
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/10/2006, 00:00

Not After

30/10/2007, 23:59

Subject

CN=Serhiy Horobets,O=Serhiy Horobets,POSTALCODE=03127,STREET=Sechenova st\, 7a - 38,L=Kiev,ST=Goloseevsky rn,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:33:0f:1f:13:b3:b4:b4:6c:0f:b3:87:c0:50:44:f4:bb:37:5f:33
Signer

Actual PE Digest

78:33:0f:1f:13:b3:b4:b4:6c:0f:b3:87:c0:50:44:f4:bb:37:5f:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

USkinAboutSkin
USkinApplyColorTheme
USkinApplyColorThemeByRGB
USkinApplyThread
USkinCloseSkinData
USkinDrawFrameControl
USkinDrawSkinImageSection
USkinDrawText
USkinEnableWindowSkin
USkinExit
USkinGetBool
USkinGetColor
USkinGetDWORD
USkinGetDouble
USkinGetEnumString
USkinGetEnumValue
USkinGetFont
USkinGetInt
USkinGetLastError
USkinGetMenu
USkinGetString
USkinGetSysColor
USkinGetSysColorBrush
USkinGetWinColor
USkinGetWinColorBrush
USkinGetWindowSkinObjectRect
USkinGetWindowSkinObjectText
USkinGetWindowSkinObjectVisible
USkinInit
USkinLoadSkin
USkinLoadSkinFromBuffer
USkinLoadSkinFromResource
USkinOpenSkinData
USkinRemoveSkin
USkinRestoreSkin
USkinSetMenuItemImage
USkinSetMenuItemImageEx
USkinSetWindowSkin
USkinSetWindowSkinObjectText
USkinSetWindowSkinObjectVisible
USkinUpdateMenuBar

Sections

.text
Size: 200KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uskin
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
客户端/客户端.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 32KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
客户端/客户端.ini
客户端/新云软件.url
.url
服务端/data.mdb
服务端/hotgx.mdw
服务端/服务端.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 124KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1020KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
服务端/服务端.ini
管理端/help.chm
.chm
管理端/管理端.exe
.exe windows:4 windows x86 arch:x86

65ae5cf17140aeaf91e3e9911da0ee3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
管理端/管理端.ini
说明.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

76:c5:1e:fd:f4:fc:19:d2:5a:45:7f:02:44:31:da:71Certificate

Extended Key Usages

Key Usages

78:33:0f:1f:13:b3:b4:b4:6c:0f:b3:87:c0:50:44:f4:bb:37:5f:33Signer

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 520KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 52KB

.rsrc Size: 19KB - Virtual size: 116KB

.reloc Size: 23KB - Virtual size: 60KB

.uskin Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 32KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 1.1MB - Virtual size: 2.1MB

Headers

File Characteristics

Sections

Size: 124KB - Virtual size: 212KB

.rsrc Size: 8KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 4KB

.text Size: 1020KB - Virtual size: 2.0MB

65ae5cf17140aeaf91e3e9911da0ee3e

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 15KB

.ecode Size: 272KB - Virtual size: 272KB

.rsrc Size: 4KB - Virtual size: 4KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

76:c5:1e:fd:f4:fc:19:d2:5a:45:7f:02:44:31:da:71
Certificate

78:33:0f:1f:13:b3:b4:b4:6c:0f:b3:87:c0:50:44:f4:bb:37:5f:33
Signer

.text
Size: 200KB - Virtual size: 520KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 52KB

.rsrc
Size: 19KB - Virtual size: 116KB

.reloc
Size: 23KB - Virtual size: 60KB

.uskin
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 1.1MB - Virtual size: 2.1MB

.rsrc
Size: 8KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

.text
Size: 1020KB - Virtual size: 2.0MB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 15KB

.ecode
Size: 272KB - Virtual size: 272KB

.rsrc
Size: 4KB - Virtual size: 4KB