25ce385c7ad009c2cf16a42d7b6bc627_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25ce385c7ad009c2cf16a42d7b6bc627_JaffaCakes118
Size

243KB
MD5

25ce385c7ad009c2cf16a42d7b6bc627
SHA1

94943f662b693549d45ffd226630b0484c62ec54
SHA256

17f81e17b4eef848cc699dbedb1ed7a69caf860fee890bc612576b23a4bb13bf
SHA512

54cabc054f3ea9effb9bd48c7d292d51df75638fee360016247e4f9853917d9e9115a669bf1e83b565cd87e564e1b04686ea98c0eda2b60ce53b4950cba10d6e
SSDEEP

6144:TCb6JGhZ4gUccM1IaW0hVKKLnljVp/rqRPoGaH6:TCCG3TJcBzSFzp2RPoJ6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/flv视频地址探测器/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/flv视频地址探测器/Usp10.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Flv视频地址探测器/FLV Spy .exe
unpack001/Flv视频地址探测器/Flv Player.exe
unpack001/flv视频地址探测器/Usp10.dll
unpack002/out.upx

Files

25ce385c7ad009c2cf16a42d7b6bc627_JaffaCakes118
.rar
Flv视频地址探测器/FLV Spy .exe
.exe windows:4 windows x86 arch:x86

ab09e12f4266d259f28a729b2e52db14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
FindClose
FindFirstFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GetFileAttributesA
GetProcAddress
GetModuleHandleA
CreateDirectoryA
GetStdHandle
WriteFile
lstrcatA
OutputDebugStringA
GetLastError
DeleteFileA
CreateFileA
FlushFileBuffers
ReadFile
SetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetSystemInfo
VirtualProtect
SetFilePointer
IsBadCodePtr
GetVersionExA
GetLocaleInfoA
VirtualQuery
InterlockedExchange
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetACP
GetStartupInfoA
HeapReAlloc
HeapAlloc
RaiseException
RtlUnwind
HeapFree
GetModuleFileNameA
GetCommandLineA
lstrcmpA
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
HeapDestroy
lstrlenW
lstrcpynA
CloseHandle
lstrcpyA
GetCurrentProcess
FlushInstructionCache
CompareStringA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
GetCurrentThreadId
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
WideCharToMultiByte
IsBadReadPtr

user32

InvalidateRgn
CreateDialogIndirectParamA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
ShowWindow
GetDesktopWindow
IsWindowEnabled
GetFocus
DrawFocusRect
FillRect
EndPaint
IsChild
DispatchMessageA
SetTimer
EndDialog
GetWindowLongA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetParent
KillTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyWindow
DefWindowProcA
TranslateMessage
IsDialogMessageA
GetMessageA
CreateAcceleratorTableA
RedrawWindow
BeginPaint
GetDlgCtrlID
SetCursor
SetWindowLongA
SendMessageA
CallWindowProcA
CreateWindowExA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetSystemMenu
DrawTextA
GetDC
ReleaseDC
InvalidateRect
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
IsWindow
PostQuitMessage
CharNextA
DialogBoxParamA
OffsetRect
LoadCursorA
GetClassNameA
GetSysColor
SetRectEmpty
AppendMenuA
LoadImageA
LoadStringA
DestroyMenu
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
UpdateWindow
ScreenToClient
ClientToScreen
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
wsprintfA

gdi32

SaveDC
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
SetBkMode
TextOutA
RestoreDC
GetStockObject
GetObjectA
SelectObject
SetTextColor
DeleteDC
DeleteObject
CreateFontIndirectA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

OleLockRunning
CoGetClassObject
CoCreateGuid
StringFromIID
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocString
VariantClear
SysFreeString
SysAllocStringLen

comctl32

_TrackMouseEvent
InitCommonControlsEx

urlmon

CoInternetGetSession

ws2_32

WSAStartup
WSACleanup
send
socket
inet_addr
gethostbyname
htons
inet_ntoa
ioctlsocket
connect
closesocket
select
recv
WSAGetLastError

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flv视频地址探测器/Flv Player.exe
.exe windows:4 windows x86 arch:x86

86c873465d7fd010d02e2a82a3174504

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
CloseHandle
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
IsDBCSLeadByte
GlobalFree
GlobalHandle
FreeLibrary
LoadLibraryExA
GetModuleHandleA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InterlockedExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetStdHandle
WriteFile
ExitProcess
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
InterlockedIncrement
MulDiv
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
RaiseException
lstrlenA
SetLastError
GetLastError
lstrlenW
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetCurrentProcess
FlushInstructionCache
MultiByteToWideChar
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
GetACP
EnterCriticalSection
SetHandleCount

user32

PostMessageA
GetWindowLongA
SetWindowLongA
SetWindowTextA
LoadCursorA
UnregisterClassA
MoveWindow
EndDialog
BringWindowToTop
GetWindowRect
GetClientRect
ShowWindow
DialogBoxIndirectParamA
GetActiveWindow
SetForegroundWindow
GetSystemMetrics
FindWindowExA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
GetClassNameA
IsChild
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
CharNextA
GetSysColor
DialogBoxParamA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
SetWindowContextHelpId
CreateWindowExA
DestroyWindow
MapDialogRect
ReleaseDC
ReleaseCapture
GetCursorPos
CallWindowProcA
SendMessageA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetDlgItem
SetCapture

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

DragFinish
DragQueryFileA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
VarBstrCmp
SysAllocString
SysStringByteLen
SysFreeString

comctl32

InitCommonControlsEx

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flv视频地址探测器/history.ini
Flv视频地址探测器/uumeflvplayer.swf
Flv视频地址探测器/更多软件下载.html
Flv视频地址探测器/软件说明.txt
flv视频地址探测器/Usp10.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab09e12f4266d259f28a729b2e52db14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

urlmon

ws2_32

version

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 8KB

86c873465d7fd010d02e2a82a3174504

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 24KB - Virtual size: 21KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 104KB

UPX1 Size: 61KB - Virtual size: 64KB

UPX2 Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 24KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 61KB - Virtual size: 64KB

UPX2
Size: 7KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 5KB