4a6e2622e2e87324411aa9bf43b5fe4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a6e2622e2e87324411aa9bf43b5fe4a_JaffaCakes118
Size

1.2MB
MD5

4a6e2622e2e87324411aa9bf43b5fe4a
SHA1

69e52f7251b796cb712f218b26d59e9504f0a25b
SHA256

3bfe88e7ee414357545f475753f93aa7c11643bd250ded3c4b282ad26d77810a
SHA512

40f2ef16e1b421a698b70665e34952b3c9d09c529303586097be33f5ea44ef968642d0648b7f1734b842f80f372279e1cbde1ead8f4478c50a251bc7ebdbb733
SSDEEP

24576:Qo99ApTHyq1Lm5djZe/CfbkxQ0wgQLxUviqbRznEnA:vDMTHr1LmHZe/CwxQ0KLeiqlH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/qt频道ID查询器.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qt频道ID查询器.exe

Files

4a6e2622e2e87324411aa9bf43b5fe4a_JaffaCakes118
.rar
qt频道ID查询器.exe
.exe windows:5 windows x86 arch:x86

f2c1222645e9bed12c41fc3b5c3c5d8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

waveOutPrepareHeader

ws2_32

getpeername

kernel32

GetVersionExA
GetVersion
GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

OpenClipboard

gdi32

LineTo

msimg32

GradientFill

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_Duplicate

wininet

InternetCanonicalizeUrlA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html
使用帮助(河东软件站).url
.url
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

f2c1222645e9bed12c41fc3b5c3c5d8d

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 472KB

.rdata Size: - Virtual size: 76KB

.data Size: - Virtual size: 269KB

.vmp0 Size: - Virtual size: 1002KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 472KB

.rdata
Size: - Virtual size: 76KB

.data
Size: - Virtual size: 269KB

.vmp0
Size: - Virtual size: 1002KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 8KB - Virtual size: 6KB