8f91abc6cc7547e369ffe898edd0c24d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8f91abc6cc7547e369ffe898edd0c24d_JaffaCakes118
Size

2.8MB
MD5

8f91abc6cc7547e369ffe898edd0c24d
SHA1

fe5e4e1da66d06eca8a5fedbebdeeab3851b5fdb
SHA256

ae6ef57fe5fb45c2b7fd541240e90dc8957786c18f1394d68fe7eb6736db24ba
SHA512

0980f40f6af0ee2148949defacf837bf8b7a56ab099bb14cf688a63775ba140184946f31d47472573e8c866b6e920ca0f1dd63a69ccb501aae9e85754ccfdc32
SSDEEP

49152:PUBpdHIv8RkiJpxcJtXBB5Xwg+9gM48atb+lGkQRy2fnQMCVAF8ohxTfcmBzZ:UpdXKiJHGZb+2c1kRhnQMCuF8MxQmr

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/plug/dm.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/K1_140317.exe	upx
static1/unpack001/plug/dm.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/K1_140317.exe
unpack002/out.upx
unpack001/plug/EyLogin.dll
unpack001/plug/dm.dll
unpack003/out.upx

Files

8f91abc6cc7547e369ffe898edd0c24d_JaffaCakes118
.rar
K1_140317.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 884KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 761KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/6级.bmp
data/again.bmp
data/chonglian.bmp
data/daoshu.bmp
data/diaoxian.bmp
data/game.cfg
data/hongcha.bmp
data/hud1280x720.ini
data/input.ini
data/jifenban.bmp
data/jifenban2.bmp
data/jinggao.bmp
data/jnd.bmp
data/jnd2.bmp
data/num.txt
data/play1.bmp
data/qt.bmp
data/sele.bmp
data/setsoft.ini
data/sf.bmp
data/shouye.bmp
data/sm.bmp
data/tp.bmp
data/tp2.bmp
data/xc.bmp
data/z11.bmp
data/z22.bmp
data/z33.bmp
data/z44.bmp
data/z55.bmp
data/zhaodao.bmp
data/关闭.bmp
data/关闭荣誉.bmp
data/出兵.bmp
data/升级.bmp
data/右框.bmp
data/右阵.bmp
data/大区列表.bmp
data/大厅取消.bmp
data/小兵血.bmp
data/左框.bmp
data/左阵.bmp
data/广告.bmp
data/快速登陆1.bmp
data/技能1.bmp
data/技能2.bmp
data/敌人血.bmp
data/敌人血0.bmp
data/敌小兵.bmp
data/服务器提示.bmp
data/登录首页.bmp
data/确认按钮.bmp
data/等待.bmp
data/结束1.bmp
data/结束2.bmp
data/荣誉1.bmp
data/返回大厅.bmp
data/进入大区.bmp
data/进行中.bmp
data/锁定标志.bmp
data/长期重连.bmp
data/队友.bmp
plug/EyLogin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1d666f5b619530d37b3bde9e727fef26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv

ws2_32

bind

iphlpapi

GetAdaptersInfo

atl

ord23

kernel32

CreateFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

oleaut32

GetErrorInfo

version

VerQueryValueA

Exports

Exports

CheckAppVersion
CheckUserStatus
CheckUserStatusSingle
CloseUserCheck
ConversionbindingIP
ConversionbindingMAC
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetAppCode
GetBulletin
GetCpuID
GetCurrentVersionName
GetExpired
GetLastError
GetLastMessages
GetLatestVersion
GetLatestVersionName
GetMACAddress
GetUserExpired
GetVersionCode
OpenUserCheck
OpenUserCheckShowMessage
SetAppKey
SingleRecharge
UpdatePwd
UpdateUserExpiredDT
UserConversionbindingMAC
UserLogin
UserLoginSingle
UserRecharge
UserRegin
Ver
��b�@Q)��#�Ezti��5g��sS�Wn��~�܌ F�G�E�O�I �F�;�F��}��Z�*m7��V�ӓ��x�B��ηm�O�+LHG4w��gT��R��LV1B7f6>_f��Cu՞�ޱ'�hrP%��O�G��Q'h�L�F�y;��c3ʊ�L�tA'-�ɿg%Ak��CR+��K�a^0�9�J8�߯��'�K��zibr��k!��k3�>��F}�+��[ܷX��'l�s��<��GW�F�!�\��2�lC��}�+ag��D̈́��F�|�� է/Чþ�� &��J��݀��_��Y/��=fW��ZW��?�xU&j�9��M�Ƞ�\D=�R��5`=��º��&9z�c�d�A��Z��sE��S/0ݷ��$߮�~c��ۈ�v}0$nl��n#;,�X��@�J�!�(*�3-cB�l-b�;��W&;}B ��.�P�R��a��|.��#̨�ǳB>�Bp沙��;��.b�?j��D9�f��O��[�z]��s�0 K��&_�q�>��S�?��Zk5˜�c��N<n�h�WU�aɘq��&'ի��.=�-p��a:n�K�@j}��`YS�g�Z�k��=:��1=�v0L�y��p�!�h��`3�i�Z�0=�!��M�D��1��mY�%Y͞jhǝ��/LG7��H-�^:k H��7Cz9�m�K��q8;��l��*�Q��x��v+��'��}��s.c�CֱZ�aM�:��}S;20��;�Ԋ�3Te��ٔw�/�#=��vL�Ѻ��[��7�Q�R։�:�J�Jc�LutQ��Er(H�� N��K� B=�i^'0�� }�S�u}�p@�"9�K��#��&.��t��欞^!4�g&�ٮˌ_��u��3;��u��:��}j�˅��1l׊��:đ��.�g)��a�P��82�w㏴g��#� ��_��xcX��~��1�NI��F�?\粬��֍<-�� Ԥ)��,��A ��]X�ȑ�o'6��c�� n�L�F6�iқ��Ut?l�fK�"%`��W��ե�۶��p�?6�Ed�m�@i�W�;��)C��l��[�D��5nS��ْ��{+�S2��J�m�f[/��Kb,l�$tC��Oz�g�% ��G0c��aD��r��͌.hv>�tB��nsjVRI��.��1e�BF��Z�+6��j��z��OF݈1MO𴲴c3��H��*'�W�y�9��mN�#M@Fy Xv@�L�57�?��yQ��3�6�[�z2B�^' f��ϼ�'� G�/E��U��qJE�^��u�5G�(�ʶ��M�� 6�V�Fs�5zs� ��l9~`�h�y6fIx��+$J��낏�UJ��f�!�`+��Ar:y\uy�<�>��H<�U�^=�F�fY��jC�6p��=�v0��͎�!��셽P�f�j��#�s�6�.H1��ay<^T ��g�r�ðH��*Q{3��ϰ�X� f��L-�ލ:��5Z=��d_� ��M�MN�-�� 1��ë��ãȭH:xj�G�<� ��QC#e<_��B�=�Yy�K^"�.,퓨� tI��?z-��oU�Tx��dڈ[�:w9��:vb��$��-)��"�E�:G?3=��NN2-I�ҭ��2�6�Q�|K��խ4�P��e��t>��QJRpu'�Ci�(��vDo��KaM�C��Ż�]9D2AI��1��,��S��`�['��בn�(��ykdw�u Q��:��H3fUj��d=5��O��b|�2�b��<�Ξ|lX$��r�Z��˷�)��wk $"4b�Z�)�3�8� &|m�es�s_?�Ly��l�3��Hb��-��B��KЯ�rϭ�$��I��{\�IB&]�&�Z�A��@��F^��/�U&�ag#)q��r �V�k�/,��_M�B�[kO8ԓ f�ʅ�$��s��zԪ=5bw��1TL��PcL�5�G],��$�8��S��(2-in"x�6��.��|kuOQ6��K�FS��Y~y��{��?�RX�v��J ��Y��(g����f6x�!��Hi=3D�8g�#��!��{�r#�s��kR~O�\q��'uF�ؒ��ʹ�̚cق�zq�Kj�D`X!��h*�^�0j2��8<�ǋ=�>3�c�P �Oz�ԁ��d�xz1��)ۘ�55� ҇�d��(�C��H��݁>��K��`8��{��~GY_%ٔV;z=�̔��s�� p�z�OlZ��v9x��c�y�䛥/��#�BWx��3�V�*@��:m��䣇r�F��^vus�g��Y��h1�J|3�=JQ�!��Tu�(��K��GZ1��̉iH0��ϑ�y��;�NC��_�Z�r>�yu�M�c�'\C�� 롅��xi�kr��8��Jw� ��R�XFI'��5/��Ҷ�� 5�ԎJi�,�$2-��M�M(�q 6�w�-�2�Fr��+�G�m�7��d�͆{V��>I��v��n�g��ލ+޲�6�� ˤ�O��G��;�G��#F��z�$�m��bb��f�YR��!czл� nġE�L�?��E�ct�=c� 7O=H�i"�l�ҷ3��{��?�Gx�u$��o ��m�2�r�SIt�G��2�#�m��4�s��ߦ�u�%y�5��˧ˏCSW�2�4��6��dop�\ �`��ŽN��˒VjK̉�DoR_�@3h۹R�

Sections

.text
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eydata0
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eydata1
Size: 640KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plug/dm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 753KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp0
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tp1
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 884KB

UPX1 Size: 761KB - Virtual size: 764KB

.rsrc Size: 36KB - Virtual size: 36KB

Headers

File Characteristics

Sections

.text Size: 912KB - Virtual size: 910KB

.rdata Size: 296KB - Virtual size: 294KB

.data Size: 96KB - Virtual size: 388KB

.rsrc Size: 36KB - Virtual size: 34KB

1d666f5b619530d37b3bde9e727fef26

Headers

File Characteristics

Imports

msvcrt

ws2_32

iphlpapi

atl

kernel32

user32

oleaut32

version

Exports

Exports

Sections

.text Size: - Virtual size: 260KB

.rdata Size: - Virtual size: 42KB

.data Size: - Virtual size: 10KB

.idata Size: - Virtual size: 4KB

.eydata0 Size: - Virtual size: 520KB

.tls Size: 4KB - Virtual size: 24B

.eydata1 Size: 640KB - Virtual size: 636KB

.reloc Size: 4KB - Virtual size: 380B

.rsrc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 684KB

UPX1 Size: 753KB - Virtual size: 756KB

.rsrc Size: 50KB - Virtual size: 52KB

Headers

File Characteristics

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 36KB - Virtual size: 108KB

.rsrc Size: 232KB - Virtual size: 229KB

.tp0 Size: 48KB - Virtual size: 44KB

.tp1 Size: 160KB - Virtual size: 157KB

.reloc Size: 36KB - Virtual size: 33KB

UPX0
Size: - Virtual size: 884KB

UPX1
Size: 761KB - Virtual size: 764KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 912KB - Virtual size: 910KB

.rdata
Size: 296KB - Virtual size: 294KB

.data
Size: 96KB - Virtual size: 388KB

.rsrc
Size: 36KB - Virtual size: 34KB

.text
Size: - Virtual size: 260KB

.rdata
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 10KB

.idata
Size: - Virtual size: 4KB

.eydata0
Size: - Virtual size: 520KB

.tls
Size: 4KB - Virtual size: 24B

.eydata1
Size: 640KB - Virtual size: 636KB

.reloc
Size: 4KB - Virtual size: 380B

.rsrc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 753KB - Virtual size: 756KB

.rsrc
Size: 50KB - Virtual size: 52KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 36KB - Virtual size: 108KB

.rsrc
Size: 232KB - Virtual size: 229KB

.tp0
Size: 48KB - Virtual size: 44KB

.tp1
Size: 160KB - Virtual size: 157KB

.reloc
Size: 36KB - Virtual size: 33KB