76e70ddcdb7d46996a9675d6f53a0636_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76e70ddcdb7d46996a9675d6f53a0636_JaffaCakes118
Size

1.1MB
MD5

76e70ddcdb7d46996a9675d6f53a0636
SHA1

9ceabba111663d3943d8f5713e54f97f47b378fa
SHA256

b80a4de9ce847c9837d2af46c7f2e0c5837ed6157bc6fd5138b02f4b6a5b2243
SHA512

a892cef573943975dbb4f6beee12e703aa1659a6fb8123bf3bce464297ea36ed8244689592b231078cde6cc2d83c8e268e2e56869f682f4e51b6b96643fb41b4
SSDEEP

24576:qbyt6q+0a8eouzxT11JqvcrXkaW7omxqZDL6CUM+ZH8zIbvD:U8o0NetzxTJqUrXkFoI+fdx+ZczyvD

Score

7^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/banlv/倚天伴侣.exe	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/banlv/context.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/banlv/context.dll
unpack001/banlv/倚天伴侣.exe
unpack002/out.upx

Files

76e70ddcdb7d46996a9675d6f53a0636_JaffaCakes118
.rar
banlv/config.ini
banlv/context.dll
.dll windows:4 windows x86 arch:x86

1d3aaae5c223bc8cb1c1516efa58d4ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControls

ddraw

DirectDrawCreateEx

dsound

DirectSoundCreate8

gdi32

CreateSolidBrush
DeleteObject
ExtTextOutA
SetBkColor
SetBkMode
SetTextColor
TextOutA

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FindResourceA
FlushInstructionCache
FreeLibrary
GetAtomNameA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStdHandle
GetThreadTimes
GetTickCount
InitializeCriticalSection
InterlockedExchange
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LoadResource
LockFile
LockResource
MapViewOfFile
OpenFileMappingA
OpenThread
OutputDebugStringA
PeekConsoleInputA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SizeofResource
Sleep
SuspendThread
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleInputA
WritePrivateProfileStringA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

__dllonexit
__mb_cur_max
_assert
_controlfp
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_get_osfhandle
_iob
_isctype
_itoa
_mkdir
_pctype
_stricmp
_ultoa
abort
calloc
exit
fclose
fflush
fgetpos
fgets
fopen
fputs
fread
free
freopen
fsetpos
ftell
fwrite
localeconv
localtime
malloc
mbstowcs
memmove
rand
realloc
setvbuf
sprintf
srand
strtoul
time
tolower
toupper
vfprintf
wcslen

ntdll

NtDeviceIoControlFile
memcpy
memset
strcat
strcpy
strlen
strstr

shell32

ShellExecuteA

user32

CallNextHookEx
CallWindowProcA
CreateDialogParamA
CreateWindowExA
DrawFrameControl
EnableWindow
EndDialog
EnumWindows
GetActiveWindow
GetAsyncKeyState
GetDlgItem
GetSysColor
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
KillTimer
LoadStringA
MapVirtualKeyA
MessageBoxA
MoveWindow
PostMessageA
PostQuitMessage
ReleaseCapture
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowTextA
SetWindowsHookExA
ShowWindow
VkKeyScanA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

winmm

timeGetTime

ws2_32

closesocket
connect
ntohl
send

Exports

Exports

TEMP@0

Sections

.text
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 574KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banlv/readme.txt
banlv/倚天伴侣.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 792KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 234KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banlv/配置/一键烤鱼列表.txt
banlv/配置/卖活鱼列表.txt
banlv/配置/合鱼列表.txt
banlv/配置/开鱼列表.txt
banlv/配置/扔死鱼列表.txt
banlv/配置/攻速药.txt
banlv/配置/整理物品列表.txt
banlv/配置/杂货店员列表.txt
banlv/配置/神药.txt
banlv/配置/红药.txt
banlv/配置/蓝药.txt
banlv/配置/解毒药.txt
banlv/配置/跑速药.txt
banlv/配置/防御药.txt

Sharing

General

Malware Config

Signatures

Files

1d3aaae5c223bc8cb1c1516efa58d4ce

Headers

File Characteristics

Imports

advapi32

comctl32

ddraw

dsound

gdi32

kernel32

msvcrt

ntdll

shell32

user32

wininet

winmm

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 192KB

.data Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 12KB

.bss Size: - Virtual size: 574KB

.edata Size: - Virtual size: 69B

.idata Size: - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 40KB

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: - Virtual size: 307KB

.vmp2 Size: 441KB - Virtual size: 440KB

.reloc Size: 512B - Virtual size: 256B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 792KB

UPX1 Size: 234KB - Virtual size: 236KB

.rsrc Size: 512KB - Virtual size: 512KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 329KB - Virtual size: 328KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 511KB - Virtual size: 510KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: - Virtual size: 192KB

.data
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 12KB

.bss
Size: - Virtual size: 574KB

.edata
Size: - Virtual size: 69B

.idata
Size: - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 40KB

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: - Virtual size: 307KB

.vmp2
Size: 441KB - Virtual size: 440KB

.reloc
Size: 512B - Virtual size: 256B

UPX0
Size: - Virtual size: 792KB

UPX1
Size: 234KB - Virtual size: 236KB

.rsrc
Size: 512KB - Virtual size: 512KB

.text
Size: 329KB - Virtual size: 328KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 511KB - Virtual size: 510KB

.reloc
Size: 53KB - Virtual size: 52KB