4115f8877aea2800f3b1db7264a81aa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4115f8877aea2800f3b1db7264a81aa6_JaffaCakes118
Size

14.6MB
MD5

4115f8877aea2800f3b1db7264a81aa6
SHA1

e1b4c57a21edd3006551904b1bc04920f8d6426b
SHA256

8ca419c298f15f8b737db25af6b0063e42d1557547b98ca2c7ae659d61c077bc
SHA512

efa5ea2f288d1a72571618f27f656e125589ca20af875192138b78930769181cbf8ed730a7735c1686d9e550caac9eededdd9e7a5b855147bcdb4fa72a1053e2
SSDEEP

196608:vv0Qj8I0qSYNXXq7Z9bh1opzw3jzfO6MGXDIE/ZYGw7MakNb7cA2KgPuJREC7ehU:v8I7xG3Ok+ZGXcE/qJkN72KsC7Kzcx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Pa.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pa.exe

Files

4115f8877aea2800f3b1db7264a81aa6_JaffaCakes118
.rar
9553绿色软件站.htm
.html
Pa.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RoboForm-Setup.exe
.exe windows:4 windows x86 arch:x86

cbb1610c780a42e28a1f63c2cb9fec71

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:72:1e:6f:48:5b:be:35:5e:57:d2:a4:aa:24:d7:c2
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/02/2012, 00:00

Not After

12/02/2017, 23:59

Subject

CN=Siber Systems Inc,OU=RoboForm GoodSync,O=Siber Systems Inc,POSTALCODE=22033,STREET=Suite 380+STREET=11781 Lee Jackson Hwy,L=Fairfax,ST=VA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\p\roboform\release\RfSetup.pdb

Imports

kernel32

GetSystemTime
GetFileAttributesExW
ReadFile
GetCurrentProcessId
WideCharToMultiByte
GetTimeZoneInformation
LoadLibraryA
GetModuleHandleA
GetFileType
GetStdHandle
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
CompareStringA
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
HeapCreate
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetDriveTypeW
GetLocalTime
lstrcpynW
GetFileTime
CompareFileTime
LocalAlloc
GetTempPathW
CreateEventW
DeviceIoControl
GetSystemTimeAsFileTime
SetFileTime
WaitForSingleObject
GetExitCodeProcess
GetVersionExW
CopyFileW
DeleteFileW
FindFirstFileW
FindNextFileW
lstrcmpW
FindClose
GetShortPathNameW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcAddress
SetFilePointer
SetEndOfFile
GetFileSize
lstrlenA
FormatMessageW
LocalFree
GetCurrentProcess
FlushInstructionCache
SetLastError
GetTickCount
GetTempFileNameW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
WriteFile
lstrcpyW
GetPrivateProfileStringW
GetFileAttributesW
Sleep
GetVersion
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleHandleW
lstrlenW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
GetCurrentThreadId
SetErrorMode
GetModuleFileNameW
SetStdHandle
GetStartupInfoW
HeapReAlloc
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcatW
GetLastError
CreateProcessW
CloseHandle
CompareStringW

user32

ShowWindow
SetWindowTextW
CharNextW
MessageBoxW
wsprintfW
UnregisterClassA
DestroyWindow
UpdateWindow
MessageBoxA
GetDesktopWindow
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
ExitWindowsEx
MsgWaitForMultipleObjects
SetWindowLongW
CreateDialogParamW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SendMessageW

advapi32

GetTokenInformation
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegisterEventSourceA
ReportEventA
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
FreeSid
OpenProcessToken
DeregisterEventSource
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW

shell32

ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt
单机游戏下载，最新单机游戏下载.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 456KB

UPX1 Size: 136KB - Virtual size: 140KB

UPX2 Size: 512B - Virtual size: 4KB

cbb1610c780a42e28a1f63c2cb9fec71

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ee:72:1e:6f:48:5b:be:35:5e:57:d2:a4:aa:24:d7:c2Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 11KB - Virtual size: 45KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 53KB - Virtual size: 53KB

UPX0
Size: - Virtual size: 456KB

UPX1
Size: 136KB - Virtual size: 140KB

UPX2
Size: 512B - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ee:72:1e:6f:48:5b:be:35:5e:57:d2:a4:aa:24:d7:c2
Certificate

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 11KB - Virtual size: 45KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 53KB - Virtual size: 53KB