327ea643e5be773b8d833203373bfa55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

327ea643e5be773b8d833203373bfa55_JaffaCakes118
Size

2.2MB
MD5

327ea643e5be773b8d833203373bfa55
SHA1

4449c04149d8f25931524b497297e486fb57be01
SHA256

fdb99edf862d174b945580760d9937b48d6b202f7905c5533cc129d0acd5b613
SHA512

2a122fd26d5932a70aba4f57e765542bf051b754dd67a6769f926f2065dfa7c49fe33b01ce41ea4ee073a933c9cb4e78d0add69a9c7965ad0826572ea2db2321
SSDEEP

49152:L+dYjIRjSam1SYDg2wYlIAY9UUbR+Ph/t4NlKEe6z+2iDD:L+MESfg2wLr9p+Ph/t4PKEe6z+hD

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/xiaoW_gjjh/xiaoW_gjjh/SkinH_EL.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/xiaoW_gjjh/xiaoW_gjjh/SkinH_EL.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xiaoW_gjjh/xiaoW_gjjh/SkinH_EL.dll
unpack001/xiaoW_gjjh/xiaoW_gjjh/晓w-工具集合3.2.exe

Files

327ea643e5be773b8d833203373bfa55_JaffaCakes118
.rar
xiaoW_gjjh/xiaoW_gjjh/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xiaoW_gjjh/xiaoW_gjjh/晓w-工具集合3.2.exe
.exe windows:5 windows x86 arch:x86

42d056d201598d001a6fc635df6c733c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

recvfrom

rasapi32

RasHangUpA

kernel32

lstrcmpA

user32

GetKeyState

gdi32

GetTextExtentPoint32A

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes

oleaut32

SafeArrayGetDim

comctl32

ImageList_Draw

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseFontA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 968KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.url
软件E线下载.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

42d056d201598d001a6fc635df6c733c

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: 968KB - Virtual size: 2.5MB

.sedata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 968KB - Virtual size: 2.5MB

.sedata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 4KB - Virtual size: 4KB