24acca8cfaae309dfa8064aca9bb0fe4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24acca8cfaae309dfa8064aca9bb0fe4_JaffaCakes118
Size

184KB
MD5

24acca8cfaae309dfa8064aca9bb0fe4
SHA1

5210d0886cd89bc764a8c01fc255549dd06553d1
SHA256

9f1f0b636694aa4053cb1266fe52de93a9b7072d9e8ef0a34cb64c5ff9d14b3f
SHA512

172b508ec04d934ac54ac26c23d2657a8f1be38d196174cfdb09950712c21d13f46719b375bfe178ab045daedffaeefe67ad4aa24e9b7751e28312888bcb4afa
SSDEEP

3072:N/wSkP0mGH8lUSRfdDtJvga2IBNp2mNUiN1waryWy2ClwkjSKLvVEGG:N/wSkPSclUSRlZJvx2IfUiN2xWyvlwLd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/变速娃娃/变速娃娃.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/变速娃娃/HookDLL.dll
unpack001/变速娃娃/变速娃娃.exe

Files

24acca8cfaae309dfa8064aca9bb0fe4_JaffaCakes118
.rar
变速娃娃/173绿色软件.url
变速娃娃/173软件下载.txt
变速娃娃/HookDLL.dll
.dll windows:5 windows x86 arch:x86

870cd82918b29074489f8170b1078388

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
CreateMutexA
WriteProcessMemory
VirtualProtect
VirtualQuery
GetProcAddress
ReleaseMutex
FreeLibrary
GetLocaleInfoA
GetCurrentProcess
GetLastError
LoadLibraryA
CloseHandle
GetStringTypeW
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA

user32

SetTimer
GetMessageTime
UnhookWindowsHookEx
MessageBoxA
GetWindowThreadProcessId
SetWindowsHookExA
CallNextHookEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

winmm

timeSetEvent
timeGetTime

Exports

Exports

RemoveHook
SetSpeed
SetupHook
UnHook

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
变速娃娃/变速娃娃.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

870cd82918b29074489f8170b1078388

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winmm

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.mydata Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 1012B

.reloc Size: 4KB - Virtual size: 3KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.mydata
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1012B

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 14KB - Virtual size: 16KB