2377cafe2b8663013e5d445b4e006dd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2377cafe2b8663013e5d445b4e006dd0_JaffaCakes118
Size

5.1MB
MD5

2377cafe2b8663013e5d445b4e006dd0
SHA1

9233562df30d948497d15c54e99ebea205cb6904
SHA256

76ea6ef7a2ae4f9107889449f42362e738a2c9e7be70c7b000465f22281a8c22
SHA512

2703f2c205743c88925d1d40d168e851363357ded85fa9c9e90c1d4b3852da16375c02b90019205c0c56db3f9d78550f9c1f4930f5f5c5e94f24edc5f8b0ecda
SSDEEP

98304:eGL0stvmShyUbNYndpTaPGKeyiRJV86Re7oEaZKryrfqXTPdgXFWHlRg/Ab:NLVtesNxYdpTPKtSHRe7BIiXTPdgEHlV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/象棋辅助最新可用增强版/点我打开.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/象棋辅助最新可用增强版/AIEngine/4核旋风密版626/Cyclone.exe
unpack001/象棋辅助最新可用增强版/AIEngine/小虫610k/小虫.exe
unpack001/象棋辅助最新可用增强版/AIEngine/旋风6.2版/cyclone.exe
unpack001/象棋辅助最新可用增强版/AIEngine/象棋名手_3.26引擎/xqmseng.exe
unpack001/象棋辅助最新可用增强版/点我打开.exe

Files

2377cafe2b8663013e5d445b4e006dd0_JaffaCakes118
.rar
使用说明.url
极速软件下载.url
.url
象棋辅助最新可用增强版/AIEngine/4核旋风密版626/Cyclone.exe
.exe windows:4 windows x86 arch:x86

e18e29d71b88c629b26be665d00fd965

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
GetNumberOfConsoleInputEvents
FlushConsoleInputBuffer
GetTickCount
GetConsoleMode
SetConsoleMode
GetStdHandle
GetLastError
SetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
CreateEventA
DeleteCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
ExitProcess
ExitThread
CloseHandle
ResumeThread
CreateThread
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
RestoreLastError
GetCurrentThreadId
InterlockedDecrement
RtlUnwind
MultiByteToWideChar
ReadFile
LockResource
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
GetModuleFileNameA
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
CreateFileA
SetStdHandle
GetConsoleCP
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException

Sections

Size: 216KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ңң
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
象棋辅助最新可用增强版/AIEngine/4核旋风密版626/cyclone.ini
象棋辅助最新可用增强版/AIEngine/小虫610k/小虫.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
象棋辅助最新可用增强版/AIEngine/旋风6.2版/cyclone.exe
.exe windows:5 windows x86 arch:x86

6170b955fdedc6ef8a094d501afd6651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent

Sections

Size: 182KB - Virtual size: 49.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qwpneuhm
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hvhfnuxi
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
象棋辅助最新可用增强版/AIEngine/旋风6.2版/cyclone.ini
象棋辅助最新可用增强版/AIEngine/旋风6.2版/cyclonegui.ini
象棋辅助最新可用增强版/AIEngine/象棋名手_3.26引擎/xqmseng.exe
.exe windows:5 windows x86 arch:x86

143dfeea3c414cb41e0d2ce7d815d927

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32 kernel32

FreeEnvironmentStringsW ��U

Sections

.text
Size: 226KB - Virtual size: 21.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
象棋辅助最新可用增强版/AIEngine/象棋名手_3.26引擎/xqmsguicfg.ini
象棋辅助最新可用增强版/optionv1.ini
象棋辅助最新可用增强版/点我打开.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_MEM_READ

VPR_DEMO
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VPR_DEMO
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VPR_DEMO
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

VPR_DEMO
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e18e29d71b88c629b26be665d00fd965

Headers

File Characteristics

Imports

kernel32

Sections

Size: 216KB - Virtual size: 220KB

Size: 80KB - Virtual size: 84KB

Size: 5KB - Virtual size: 2.9MB

.rsrc Size: 158B - Virtual size: 4KB

.ңң Size: 322KB - Virtual size: 324KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 437KB - Virtual size: 437KB

.text1 Size: 4KB - Virtual size: 4KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 12KB - Virtual size: 15.3MB

.data1 Size: 21KB - Virtual size: 21KB

.trace Size: 1024B - Virtual size: 692B

6170b955fdedc6ef8a094d501afd6651

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 182KB - Virtual size: 49.1MB

.rsrc Size: 512B - Virtual size: 436B

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4.1MB

qwpneuhm Size: 2.1MB - Virtual size: 2.1MB

hvhfnuxi Size: 512B - Virtual size: 4KB

143dfeea3c414cb41e0d2ce7d815d927

Headers

File Characteristics

Imports

kernel32 kernel32

Sections

.text Size: 226KB - Virtual size: 21.0MB

SE Size: 414KB - Virtual size: 416KB

SE Size: 14KB - Virtual size: 16KB

SE Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: 4KB - Virtual size: 1.0MB

VPR_DEMO Size: 700KB - Virtual size: 700KB

VPR_DEMO Size: 1.4MB - Virtual size: 1.4MB

VPR_DEMO Size: 4KB - Virtual size: 4KB

VPR_DEMO Size: 16KB - Virtual size: 16KB

.rsrc
Size: 158B - Virtual size: 4KB

.ңң
Size: 322KB - Virtual size: 324KB

.text
Size: 437KB - Virtual size: 437KB

.text1
Size: 4KB - Virtual size: 4KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 12KB - Virtual size: 15.3MB

.data1
Size: 21KB - Virtual size: 21KB

.trace
Size: 1024B - Virtual size: 692B

.rsrc
Size: 512B - Virtual size: 436B

.idata
Size: 512B - Virtual size: 4KB

qwpneuhm
Size: 2.1MB - Virtual size: 2.1MB

hvhfnuxi
Size: 512B - Virtual size: 4KB

.text
Size: 226KB - Virtual size: 21.0MB

SE
Size: 414KB - Virtual size: 416KB

SE
Size: 14KB - Virtual size: 16KB

SE
Size: 4KB - Virtual size: 4KB

UPX0
Size: 4KB - Virtual size: 1.0MB

VPR_DEMO
Size: 700KB - Virtual size: 700KB

VPR_DEMO
Size: 1.4MB - Virtual size: 1.4MB

VPR_DEMO
Size: 4KB - Virtual size: 4KB

VPR_DEMO
Size: 16KB - Virtual size: 16KB