838e1269c2db2c3cac881ac98dec8deb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

838e1269c2db2c3cac881ac98dec8deb_JaffaCakes118
Size

7.4MB
MD5

838e1269c2db2c3cac881ac98dec8deb
SHA1

40118398063931f38ffffe570aa6788106d8a69d
SHA256

3d5a1d0768b4e64090c5de59da844a2a3cbbaa6bb5efd9fb03b1a04974ab35c0
SHA512

99f13a1fbc8b4a9997b993f46c37caddc1154c180478aa27f549a3cd4d7dede245c6c1ed752d74d0f03c0f7ccc86036673e97031b901bce1a73686b6024103ab
SSDEEP

196608:ufGHvQ50X5yLeZqUoUhnv43hfVKQ2WJUYpMxK3rb7H3w0:ufcSg8Le8U343hfd7UYexK380

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/aliedit.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/aliedit.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack001/阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/先锋阿里巴巴刷信誉刷销量软件.exe

Files

838e1269c2db2c3cac881ac98dec8deb_JaffaCakes118
.rar
使用说明.url
极速软件下载.url
.url
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/Aero.she
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/aliedit.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:99:06:35:8e:2a:07:ac:b5:76:1c:04:70:ac:6f:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/04/2011, 23:59

Subject

CN=Alipay.com Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alipay.com Co.\,Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:86:40:98:24:d4:ea:7f:97:7b:e8:e4:8a:8e:83:81:ca:35:33:5c
Signer

Actual PE Digest

13:86:40:98:24:d4:ea:7f:97:7b:e8:e4:8a:8e:83:81:ca:35:33:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 301KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/bd.dll
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/n.dll
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/regkey.dat
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/tbpz.ini
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/使用必读.txt
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/先锋阿里巴巴刷信誉刷销量软件.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 648KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

agnefozy
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsfitiwd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
阿里巴巴刷成交刷销量刷信誉软件试用版v1.17/全部代付款连接历史记录.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:99:06:35:8e:2a:07:ac:b5:76:1c:04:70:ac:6f:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

13:86:40:98:24:d4:ea:7f:97:7b:e8:e4:8a:8e:83:81:ca:35:33:5cSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 436KB

UPX1 Size: 301KB - Virtual size: 304KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 455KB - Virtual size: 454KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 52KB - Virtual size: 69KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 34KB - Virtual size: 34KB

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 648KB - Virtual size: 1.9MB

.rsrc Size: 80KB - Virtual size: 135KB

.idata Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 3.2MB

agnefozy Size: 2.8MB - Virtual size: 2.8MB

nsfitiwd Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:99:06:35:8e:2a:07:ac:b5:76:1c:04:70:ac:6f:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

13:86:40:98:24:d4:ea:7f:97:7b:e8:e4:8a:8e:83:81:ca:35:33:5c
Signer

UPX0
Size: - Virtual size: 436KB

UPX1
Size: 301KB - Virtual size: 304KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 455KB - Virtual size: 454KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 52KB - Virtual size: 69KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 80KB - Virtual size: 135KB

.idata
Size: 4KB - Virtual size: 4KB

agnefozy
Size: 2.8MB - Virtual size: 2.8MB

nsfitiwd
Size: 4KB - Virtual size: 4KB