43b44e34b075df4a4944463c8424c9ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43b44e34b075df4a4944463c8424c9ed_JaffaCakes118
Size

1.7MB
MD5

43b44e34b075df4a4944463c8424c9ed
SHA1

43777bc5f178f70c957079167c152f0282bba114
SHA256

e3bd0c0e9356b9e32d69fef996d3aa16e3415b41c6f70d563e51749f1d243625
SHA512

89e58b8dcaadd80929cf4076b17548e49c891edfa3904b4a4199e8a804cebe41a82ca405871a4d7af56ac0b7921131a326267d2b80a6d2d3aae67e16e17b8336
SSDEEP

49152:Xut64kvU00t6Kn43N+WapnTpYJAfy3Hal:XuArvUl6MFVFTp3cg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/-һ.dll	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/-һ.dll

Files

43b44e34b075df4a4944463c8424c9ed_JaffaCakes118
.zip
绿盟.url
.url
-һ.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HB_beinvited
HB_beinvited_bt
HB_beinvited_je
HB_day
HB_day_bt
HB_day_je
HB_invited
HB_invited_bt
HB_invited_je
HB_rain
HB_receive
HB_send
HB_send_api
HB_send_null
HB_switch
KL_bt
KL_rain
KL_send
KL_send_api
KL_send_null
KL_switch
KL_txt
MPZ_beinvited
MPZ_beinvited_num
MPZ_day
MPZ_invited
MPZ_invited_num
MPZ_msg
MPZ_rain
MPZ_receive
MPZ_send
MPZ_send_api
MPZ_send_null
MPZ_switch
api_main
api_null
api_num_ins
api_num_sea
api_num_win
api_ver
dllmenu
more_duihuan_cd
more_duihuan_dh
releasedllfun
startdllfun
system_HB_ins
system_HB_red
system_MPZ_ins
system_MPZ_red
system_config
system_data
system_myinfo
system_qun_data
system_ver
system_window

Sections

0
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-һ.txt - ݷʽ.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

0 Size: - Virtual size: 3.9MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 9KB - Virtual size: 12KB

.rmnet Size: 56KB - Virtual size: 60KB

0
Size: - Virtual size: 3.9MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 9KB - Virtual size: 12KB

.rmnet
Size: 56KB - Virtual size: 60KB