86f9cec2b2e63140fc9aa58801b35f51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86f9cec2b2e63140fc9aa58801b35f51_JaffaCakes118
Size

2.3MB
MD5

86f9cec2b2e63140fc9aa58801b35f51
SHA1

ec9a8497edf1428a0556feb2cdf70fff8134ed5e
SHA256

f903c4f8ccb86ef355e586e9f34e5291b60fd4b40e6bfbf3de42a967cc2738dc
SHA512

68590c5ea0fd5f5660bea703e0d4268e65fb777201f5693ee6c775c5a6cf965f0bdd9d3404c7375f22234b932691b49e98174ad844d7ad820729e2e42d574b89
SSDEEP

49152:HsCyuG8AVG7lRrlQfOKPu16dZdys30pkQ9Hgy+8ewy:HsCqQ7TlU01TsEBFgyDK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/nizhanilin/逆战麒麟_26.6pvp+pve/麒麟.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nizhanilin/逆战麒麟_26.6pvp+pve/麒麟.dll

Files

86f9cec2b2e63140fc9aa58801b35f51_JaffaCakes118
.rar
nizhanilin/下载银行-提供免费绿色软件下载.url
.url
nizhanilin/下载银行.txt
nizhanilin/逆战麒麟_26.6pvp+pve/1.jpg
.jpg
nizhanilin/逆战麒麟_26.6pvp+pve/2.png
.png
nizhanilin/逆战麒麟_26.6pvp+pve/3.png
.png
nizhanilin/逆战麒麟_26.6pvp+pve/使用教程与介绍.url
.url
nizhanilin/逆战麒麟_26.6pvp+pve/启动辅助.bat
nizhanilin/逆战麒麟_26.6pvp+pve/开启方法/1.解压到当前文件.jpg
.jpg
nizhanilin/逆战麒麟_26.6pvp+pve/开启方法/2.运行.jpg
.jpg
nizhanilin/逆战麒麟_26.6pvp+pve/注册教程图.png
.png
nizhanilin/逆战麒麟_26.6pvp+pve/麒麟.dll
.dll windows:4 windows x86 arch:x86

7fad9dbe27ebd05adaa55fb7e48317cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutPrepareHeader

ws2_32

recvfrom

rasapi32

RasHangUpA

kernel32

GetVersionExA
GetVersion
Process32First
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyAcceleratorTable

gdi32

GetStretchBltMode

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

SHGetMalloc

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetElemsize

comctl32

ImageList_GetImageCount

oledlg

ord8

wininet

InternetConnectA

comdlg32

ChooseColorA

Exports

Exports

??��|�䨰?a??3��
NOE
_???��3��D��
��3��D��1
��?��3��D��??��̨�??��??��
��y??3��?TD2
��3��?��_?a��?
��3��?��_?��?

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nizhanilin/逆战麒麟_26.6pvp+pve/麒麟使用说明-必看.txt

Sharing

General

Malware Config

Signatures

Files

7fad9dbe27ebd05adaa55fb7e48317cf

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 512KB

.data Size: - Virtual size: 386KB

.vmp0 Size: - Virtual size: 948KB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 4KB - Virtual size: 208B

.rsrc Size: 8KB - Virtual size: 22KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 512KB

.data
Size: - Virtual size: 386KB

.vmp0
Size: - Virtual size: 948KB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 4KB - Virtual size: 208B

.rsrc
Size: 8KB - Virtual size: 22KB