50f57c95997a983127379cabe6eed811_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

50f57c95997a983127379cabe6eed811_JaffaCakes118
Size

619KB
MD5

50f57c95997a983127379cabe6eed811
SHA1

d07b9852cee04d1b12f2d5fa354c32b40e5eb8b2
SHA256

9d8da24091d43068281f92a5e4417cab703a277e6eb95ba474c3308da0ccdeb0
SHA512

ac469741ce93c44d3d0301ab3a46e1760456a2abb9725d04cce9449a67e3f55430312c546fdcc08562bbc9cbfaac1b36be2c069f19bcdaef9b20a72df0eb2897
SSDEEP

12288:/qEsQDqIX5tlThhFmGYfmGMXMq/1Hz1YzID1AZughyJ8TcTZv3Nbf+lkk60IJ7hE:/vJpzlTPTN8kx8spghyJ2k13FIkVJ7hE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/佛教导航.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Usp10.dll
unpack001/佛教导航.exe
unpack002/out.upx

Files

50f57c95997a983127379cabe6eed811_JaffaCakes118
.rar
Usp10.dll
.dll windows:4 windows x86 arch:x86

c17e93042d68f95fcda1112bf9ccde57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetTickCount
WriteProcessMemory
SetFileTime
SetErrorMode
FreeLibrary
GetSystemDirectoryA
ReadProcessMemory
lstrcatA
ReadFile
WaitForSingleObject
CreateProcessA
GetVolumeInformationA
GetWindowsDirectoryA
DeviceIoControl
GetLogicalDriveStringsA
GetFileAttributesA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
IsBadReadPtr
CloseHandle
CreateThread
WinExec
GetModuleFileNameA
SystemTimeToFileTime
DisableThreadLibraryCalls
SetFilePointer
CreateFileA
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
WriteFile
FileTimeToSystemTime
GetLocalTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
HeapAlloc
RtlUnwind
DeleteFileA
FindFirstFileA
FindNextFileA
FileTimeToLocalFileTime
MoveFileA
ExitProcess
TerminateProcess
HeapFree
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA

user32

CloseClipboard
SetClipboardData
MessageBoxA
GetWindowLongA
SetWindowLongA
SendMessageA
ShowWindow
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
佛教导航.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 216KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c17e93042d68f95fcda1112bf9ccde57

Headers

File Characteristics

Imports

kernel32

user32

version

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 20KB - Virtual size: 35KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 444KB

UPX1 Size: 216KB - Virtual size: 220KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 502KB - Virtual size: 502KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 7KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 38KB - Virtual size: 37KB

.rsrc Size: 68KB - Virtual size: 68KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 35KB

.reloc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 444KB

UPX1
Size: 216KB - Virtual size: 220KB

.rsrc
Size: 12KB - Virtual size: 16KB

CODE
Size: 502KB - Virtual size: 502KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 68KB - Virtual size: 68KB