5f32ca67d270ed5c885b6cbbcf026155_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f32ca67d270ed5c885b6cbbcf026155_JaffaCakes118
Size

976KB
MD5

5f32ca67d270ed5c885b6cbbcf026155
SHA1

611adc4b47e6577701864f404f64689db7a92d86
SHA256

9cbcd489928a19641246212731e978bd19eac08a3ffee89b901dfb73c5907127
SHA512

5b3897369d93e3b80307374e9e38579e4514c9623a8b8a839e942b7a7f06a7c4539f9becbc075018b389f6d5de7a14ba324f2162fc0dd850d1175cf084a8d062
SSDEEP

12288:AJjzhrZu/UuDY1LocWVLVDVcrIN0VLIN3L3CCllLIRtrwVuhD2o81bfZ/1vKHDTZ:AZQvQ0cOzQVLItCEl0ti17Onn096

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/源码_80574/源码/TLBB/RegDll.dll	acprotect
static1/unpack001/源码_80574/源码/TLBB/dm.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/源码_80574/源码/TLBB/RegDll.dll	upx
static1/unpack001/源码_80574/源码/TLBB/dm.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/源码_80574/源码/TLBB/RegDll.dll
unpack002/out.upx
unpack001/源码_80574/源码/TLBB/dm.dll
unpack003/out.upx
unpack001/源码_80574/源码/TLBB/lyydt.dll
unpack001/源码_80574/源码/VB-BIG-001/TLBBUI.ocx

Files

5f32ca67d270ed5c885b6cbbcf026155_JaffaCakes118
.rar
源码_80574/源码/TLBB/94.bmp
源码_80574/源码/TLBB/RegDll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
源码_80574/源码/TLBB/TLBBzk.txt
源码_80574/源码/TLBB/dm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 536KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
源码_80574/源码/TLBB/lyydt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4ed4a23ab5a40cd5f78d020439d73fb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaFreeVar
__vbaGosubReturn
__vbaAptOffset
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaCyI4
ord561
__vbaObjVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCySub
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaVarCat
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
__vbaVarCopy
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
源码_80574/源码/TLBB/pic.bmp
源码_80574/源码/TLBB/优质龙井.bmp
源码_80574/源码/TLBB/坐标.bmp
源码_80574/源码/TLBB/天龙验证选择.bmp
源码_80574/源码/TLBB/干花.bmp
源码_80574/源码/TLBB/染扎.bmp
源码_80574/源码/TLBB/汾酒.bmp
源码_80574/源码/TLBB/注册大漠插件到系统.bat
源码_80574/源码/TLBB/珍珠.bmp
源码_80574/源码/TLBB/琉璃.bmp
源码_80574/源码/TLBB/笋干.bmp
源码_80574/源码/TLBB/粮食.bmp
源码_80574/源码/TLBB/红枣.bmp
源码_80574/源码/TLBB/铃声.mp3
源码_80574/源码/TLBB/面粉.bmp
源码_80574/源码/VB-BIG-001/Helper.bas
.vbs
源码_80574/源码/VB-BIG-001/MSSCCPRJ.SCC
源码_80574/源码/VB-BIG-001/QMacroUI.ctl
.vbs
源码_80574/源码/VB-BIG-001/QMacroUI.ctx
源码_80574/源码/VB-BIG-001/QMacroUI.vbp
源码_80574/源码/VB-BIG-001/QMacroUI.vbw
源码_80574/源码/VB-BIG-001/TLBBUI.exp
源码_80574/源码/VB-BIG-001/TLBBUI.lib
源码_80574/源码/VB-BIG-001/TLBBUI.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

bce896858d422bb835c9b9ddcd3f1f48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord307
_CIsin
__vbaVargVarMove
__vbaChkstk
EVENT_SINK_AddRef
ord563
_adj_fpatan
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaVarLateMemCallLd
__vbaFpI4
_CIatan
__vbaI2ErrVar
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 866B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 516KB

UPX1 Size: 408KB - Virtual size: 408KB

.rsrc Size: 24KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 536KB - Virtual size: 534KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 40KB - Virtual size: 100KB

.rsrc Size: 92KB - Virtual size: 88KB

.vmp0 Size: 36KB - Virtual size: 32KB

.vmp1 Size: 36KB - Virtual size: 34KB

.reloc Size: 28KB - Virtual size: 25KB

4ed4a23ab5a40cd5f78d020439d73fb4

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

bce896858d422bb835c9b9ddcd3f1f48

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 866B

UPX0
Size: - Virtual size: 516KB

UPX1
Size: 408KB - Virtual size: 408KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 536KB - Virtual size: 534KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 40KB - Virtual size: 100KB

.rsrc
Size: 92KB - Virtual size: 88KB

.vmp0
Size: 36KB - Virtual size: 32KB

.vmp1
Size: 36KB - Virtual size: 34KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 88KB - Virtual size: 87KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB