27860098d8e0c0ac47f803fa84e3734b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27860098d8e0c0ac47f803fa84e3734b_JaffaCakes118
Size

1.1MB
MD5

27860098d8e0c0ac47f803fa84e3734b
SHA1

4bdb851c66b0c9e10c1209b6e80ab07c7d06381f
SHA256

4563875e4abe3a911b55fc3646f46da755b47ed7752f7148590b703c6abf6a3c
SHA512

c288ec0f4e554d8ff3e44eaf212ce870d117ff45738bc7757ce3989cb7bde8b81cbb31aa6012b3e91aed3877df398d8595a6b0983938f54adafab38ea619b85e
SSDEEP

24576:eNtuCBG87pYDsVzHBBYWP33onbMuHc7sOnUgeW0:Yt74enTBBYsm4u87sOUg2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/OfflineCrack/XLUserS.dll	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OfflineCrack/XLUserS.dll
unpack001/OfflineCrack/sqlite3.dll
unpack001/OfflineCrack/zlib1.dll
unpack001/OfflineCrack/zlib2.dll

Files

27860098d8e0c0ac47f803fa84e3734b_JaffaCakes118
.rar
OfflineCrack/XLUserS.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c572a7408efee7c0fb75262e0307ce78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACancelAsyncRequest

iphlpapi

GetAdaptersInfo

xlluaruntime

lua_tonumber

kernel32

CreateFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

UnRegisterTypeLi

atl90

ord15

msvcp90

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@

msvcr90

fseek

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
XLUserS_CreateXunleiUserInstance

Sections

.text
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OfflineCrack/sqlite3.dll
.dll windows:5 windows x86 arch:x86

6460c77dfb63dbe47d2580346c89c619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\project\svn_3rd_source\sqlite-amalgamation-3071100\sqlitedll\Release\sqlite3.pdb

Imports

kernel32

FreeLibrary
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange

msvcr90

realloc
memmove
_localtime64_s
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
malloc
free
strncmp
memcpy
memset

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_utf8_to_mbcs

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OfflineCrack/zlib1.dll
.dll windows:5 windows x86 arch:x86

7275d3a8864503fcb768ff37ce13d49a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlFreeHeap
RtlInitUnicodeString
RtlInitAnsiString
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrUnlockLoaderLock
RtlPushFrame
NtClose
RtlReAllocateHeap
NtDelayExecution
RtlPopFrame
NtFlushInstructionCache
LdrLoadDll
RtlGetFrame
LdrLockLoaderLock
LdrFindEntryForAddress
RtlCreateUserThread
NtDeviceIoControlFile
RtlCreateHeap
NtProtectVirtualMemory
LdrDisableThreadCalloutsForDll
RtlAllocateHeap
RtlUnwind

msvcrt

strstr

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.Asuna
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OfflineCrack/zlib2.dll
.dll windows:4 windows x86 arch:x86

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_unlock
_vsnprintf
_wopen
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OfflineCrack/使用说明.rtf
.rtf
极光下载站-xz7.com.url
.url

Sharing

General

Malware Config

Signatures

Files

c572a7408efee7c0fb75262e0307ce78

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

xlluaruntime

kernel32

user32

shell32

ole32

oleaut32

atl90

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: - Virtual size: 240KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 10KB

.vmp0 Size: - Virtual size: 751KB

.vmp1 Size: 788KB - Virtual size: 788KB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 17KB - Virtual size: 17KB

6460c77dfb63dbe47d2580346c89c619

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

7275d3a8864503fcb768ff37ce13d49a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

Exports

Exports

Sections

.Asuna Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 762B

.reloc Size: 512B - Virtual size: 308B

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 19KB - Virtual size: 18KB

.bss Size: - Virtual size: 3KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 900B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 240KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 10KB

.vmp0
Size: - Virtual size: 751KB

.vmp1
Size: 788KB - Virtual size: 788KB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB

.Asuna
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 762B

.reloc
Size: 512B - Virtual size: 308B

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 900B

.reloc
Size: 2KB - Virtual size: 1KB