f491bec281239e3214295b23205ff2fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f491bec281239e3214295b23205ff2fa_JaffaCakes118
Size

2.3MB
MD5

f491bec281239e3214295b23205ff2fa
SHA1

8ee83827407cfad92a011c18e158a912c000b877
SHA256

43fe03ecc5e5057787f64dd4b2a378d5a35f7d67f6c589875fb8efe5bbd5b561
SHA512

658a8167c475ae836c10e0cf67809821490fd78c20dbe79377b70d839e2419a03288f09e739370c89fa0e85fa3381f4616d31c82fa8cb7eba6d1ebd29ac9582c
SSDEEP

49152:soYhOdMVSJCHjZPauY3huaq+CsVfMixlIi6NpgEaunxrZK5Eaby6kT3:tYiMwC1auY3xnFfblIi6kwnxVbaGnT3

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/mirserver/GameCenter.exe	aspack_v212_v242
static1/unpack001/mirserver/RunGate/RunGate.exe	aspack_v212_v242
static1/unpack001/mirserver/SelGate/SelGate.exe	aspack_v212_v242
static1/unpack001/mirserver/新建文件夹/SelGate.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mirserver/GameCenter.exe
unpack001/mirserver/RunGate/RunGate.exe
unpack001/mirserver/SelGate/SelGate.exe
unpack001/mirserver/新建文件夹/SelGate.exe

Files

f491bec281239e3214295b23205ff2fa_JaffaCakes118
.rar
mirserver/Config.ini
mirserver/GameCenter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 232KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mirserver/Mir200/!Abuse.txt
mirserver/Mir200/!RunAddr.txt
mirserver/Mir200/!ServerTable.txt
mirserver/Mir200/!Setup.txt
mirserver/Mir200/CheckItemList.txt
mirserver/Mir200/Command.ini
mirserver/Mir200/Exps.ini
mirserver/RunGate/BlockIPList.txt
mirserver/RunGate/Config.ini
mirserver/RunGate/Debug.txt
mirserver/RunGate/GameList.txt
mirserver/RunGate/KEY.DAT
mirserver/RunGate/MIRGATE.INI
mirserver/RunGate/RunGate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 225KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mirserver/RunGate/RunGate.ini
mirserver/RunGate/RunGate说明.txt
mirserver/RunGate/WordFilter.txt
mirserver/RunGate/gate.ini
mirserver/RunGate/wordfilt.txt
mirserver/SelGate/BlockIPList.txt
mirserver/SelGate/Config.ini
mirserver/SelGate/SelGate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CallEurekaLog
EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomButtonClickEvent
EurekaLog_CustomDataRequestEventEx
EurekaLog_CustomWebFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_HandledExceptionNotifyEvent
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

CODE
Size: 314KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mirserver/新建文件夹/BlockIPList.txt
mirserver/新建文件夹/Config.ini
mirserver/新建文件夹/SelGate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 187KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lif
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 232KB - Virtual size: 608KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 84KB

.aspack Size: 27KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 225KB - Virtual size: 592KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 112KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 20KB - Virtual size: 100KB

.aspack Size: 27KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 314KB - Virtual size: 820KB

DATA Size: 9KB - Virtual size: 32KB

BSS Size: - Virtual size: 656KB

.idata Size: 4KB - Virtual size: 12KB

.edata Size: 1024B - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 56KB

.rsrc Size: 59KB - Virtual size: 112KB

.aspack Size: 27KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 187KB - Virtual size: 468KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 640KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 36KB

.rsrc Size: 13KB - Virtual size: 60KB

.aspack Size: 27KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

.lif Size: - Virtual size: 1B

CODE
Size: 232KB - Virtual size: 608KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 84KB

.aspack
Size: 27KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 225KB - Virtual size: 592KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 112KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 20KB - Virtual size: 100KB

.aspack
Size: 27KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 314KB - Virtual size: 820KB

DATA
Size: 9KB - Virtual size: 32KB

BSS
Size: - Virtual size: 656KB

.idata
Size: 4KB - Virtual size: 12KB

.edata
Size: 1024B - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 56KB

.rsrc
Size: 59KB - Virtual size: 112KB

.aspack
Size: 27KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 187KB - Virtual size: 468KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 640KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 36KB

.rsrc
Size: 13KB - Virtual size: 60KB

.aspack
Size: 27KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

.lif
Size: - Virtual size: 1B