31f2ce93404f179a92259972782d4ff5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31f2ce93404f179a92259972782d4ff5_JaffaCakes118
Size

50KB
MD5

31f2ce93404f179a92259972782d4ff5
SHA1

bb59c7cba9e376a61abe531114d335878de68933
SHA256

c4292f41bd1bab3c4eb160b5fef3876b393ab6128fed6de0b61d026dd01f1b39
SHA512

3307d6f4f956aa8191a77a361a85e9d9deff0f546392d40f59197fa451ffdca4fa814e4d1516b095d1fe098b9c91375f35109cfe4f8f10831cafb9a211068b10
SSDEEP

1536:+JHUV/7/6fdddFE5zOQgHv9EOYlw436DPrdJOtb9S:kM/7/Uk5yDvexlwe6DPYQ

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ReYoDisk/ReYoDisk.dll	acprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ReYoDisk/ReYoDisk.dll
unpack001/ReYoDisk/Test.exe

Files

31f2ce93404f179a92259972782d4ff5_JaffaCakes118
.rar
ReYoDisk/@卸载.bat
ReYoDisk/@绿化.bat
ReYoDisk/ReYoDisk.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.packed
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ReYoDisk/Test.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.packed
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLPack
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ReYoDisk/vb调用说明.txt
ReYoDisk/使用前说明.txt
飘荡精品软件.url
.url