f9b8d09370dfd6df674177f95813a39d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9b8d09370dfd6df674177f95813a39d_JaffaCakes118
Size

1.8MB
MD5

f9b8d09370dfd6df674177f95813a39d
SHA1

1e3698a6ea0d932b32a82b182ca79c0fd9f2ff9b
SHA256

abc27554ee895e64e577e04ec876d0a7cd46daccba17ecc2eee856fc681ac7c7
SHA512

3649699f8628856f3d341fb54becd5d8e71c7952e6d377850b67bc2d0f51f1a05f9f812f6076b40521191e947e00466aacf14b2357902878b7130f2fcd8420c6
SSDEEP

49152:JRoAcYuLsOmehDoyD3BTkPXNkQUnXvsgZrJnGFB:3En0WoyD3hkvNkQc/nZ1n8

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/QQ宠物管家060330屠龙倚天绿化配置版/dmshell.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinMonitor.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/QQ宠物管家060330屠龙倚天绿化配置版/dmshell.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/PetSkinHook.dll
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkin.exe
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinEx.exe
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinMonitor.exe
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinUpdate.exe
unpack001/QQ宠物管家060330屠龙倚天绿化配置版/dmshell.dll

Files

f9b8d09370dfd6df674177f95813a39d_JaffaCakes118
.rar
QQ宠物管家060330屠龙倚天绿化配置版/PetSkinHook.dll
.dll windows:4 windows x86 arch:x86

92de236b0d22b96c8392aaf2a02f880d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

winmm

waveOutOpen

Exports

Exports

StartHook
StopHook

Sections

pec1
Size: 165KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/QQPetServer.ini
QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkin.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 361KB - Virtual size: 956KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinEx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 179KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinMonitor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 142KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/QQPetSkinUpdate.exe
.exe windows:4 windows x86 arch:x86

c836018a33dd4fef0cd42db5bf1cf099

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

winmm

timeGetTime

Sections

pec1
Size: 250KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/dmshell.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

registerMe
stopAd

Sections

UPX0
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ宠物管家060330屠龙倚天绿化配置版/下载说明.htm
.html .js polyglot
QQ宠物管家060330屠龙倚天绿化配置版/重要说明.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

92de236b0d22b96c8392aaf2a02f880d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

comctl32

shell32

winmm

Exports

Exports

Sections

pec1 Size: 165KB - Virtual size: 388KB

.rsrc Size: 7KB - Virtual size: 20KB

pec2 Size: 512B - Virtual size: 4KB

.pec Size: 1KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 361KB - Virtual size: 956KB

Size: 5KB - Virtual size: 16KB

Size: - Virtual size: 8KB

Size: 10KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 64KB

.rsrc Size: 106KB - Virtual size: 360KB

.data Size: 155KB - Virtual size: 156KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 179KB - Virtual size: 436KB

Size: 3KB - Virtual size: 8KB

Size: - Virtual size: 4KB

Size: 7KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 36KB

.rsrc Size: 7KB - Virtual size: 24KB

.data Size: 154KB - Virtual size: 156KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 142KB - Virtual size: 336KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 24KB

.rsrc Size: 5KB - Virtual size: 16KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

c836018a33dd4fef0cd42db5bf1cf099

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

shell32

winmm

Sections

pec1 Size: 250KB - Virtual size: 648KB

.rsrc Size: 33KB - Virtual size: 72KB

pec1
Size: 165KB - Virtual size: 388KB

.rsrc
Size: 7KB - Virtual size: 20KB

pec2
Size: 512B - Virtual size: 4KB

.pec
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 106KB - Virtual size: 360KB

.data
Size: 155KB - Virtual size: 156KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 24KB

.data
Size: 154KB - Virtual size: 156KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 142KB - Virtual size: 336KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 24KB

.rsrc
Size: 5KB - Virtual size: 16KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

pec1
Size: 250KB - Virtual size: 648KB

.rsrc
Size: 33KB - Virtual size: 72KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 624KB

UPX1
Size: 378KB - Virtual size: 380KB

.rsrc
Size: 512B - Virtual size: 4KB