906674850609c3c5f96d9bbb7919a1d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

906674850609c3c5f96d9bbb7919a1d7_JaffaCakes118
Size

565KB
MD5

906674850609c3c5f96d9bbb7919a1d7
SHA1

7da345d8c64402ff4258cc61794d0707f6880d3e
SHA256

bf506bdad72812bb27df228f8250e3385240e04624f27c4ff82a5a7f0c54a0d7
SHA512

c0f7f4ec8f21b189472bfa552d47e0f60e4d0a7275acd4c1cbe23d198c16f64e4421305bfe1762cee46cc9cadfb7d13aa4332f7ab4238603f4a4246f034f2596
SSDEEP

12288:os/jqOIZqY6vLcwKUMwHsHHEP4skuUxdnZ1WSel6k:pGOSnOLcE5yO4skuUxP1Wb5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/U3Por/PortFree Production Program/PDX8.exe
unpack001/U3Por/PortFree Production Program/PathPicker.dll
unpack001/U3Por/PortFree Production Program/msgsva.dll

Files

906674850609c3c5f96d9bbb7919a1d7_JaffaCakes118
.rar
U3Por/121下载站_百度搜索.url
.url
U3Por/PortFree Production Program/PDX8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.yfy
Size: 367KB - Virtual size: 12.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yfy
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yfy
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yfy
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
U3Por/PortFree Production Program/PathPicker.dll
.dll windows:4 windows x86 arch:x86

991547a5a6304a396fc1ca6c44dd8d26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetEnumResourceA
WNetOpenEnumA
WNetCloseEnum

mfc42

ord4998
ord4853
ord6052
ord1775
ord4376
ord2514
ord4425
ord5280
ord6055
ord4078
ord1776
ord4407
ord5241
ord3597
ord5163
ord6374
ord4353
ord2385
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord5290
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord2446
ord2985
ord3081
ord2976
ord3398
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3733
ord686
ord800
ord810
ord641
ord860
ord384
ord540
ord567
ord324
ord3262
ord2370
ord5265
ord4234
ord537
ord535
ord941
ord536
ord2862
ord2097
ord6199
ord4710
ord5572
ord2915
ord858
ord668
ord3178
ord2302
ord2781
ord2770
ord924
ord356
ord3287
ord922
ord923
ord3303
ord2652
ord1669
ord1168
ord2642
ord3092
ord823
ord4277
ord4204
ord4202
ord2763
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord4129
ord2864
ord6467
ord825
ord4058
ord1116
ord1176
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord269
ord600
ord1575
ord1578
ord826

msvcrt

_initterm
__CxxFrameHandler
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
free
_onexit

kernel32

GetDriveTypeA
LocalAlloc
LocalFree
GlobalAlloc
GlobalFree

user32

SendMessageA
EnableWindow
MessageBeep

Exports

Exports

BeepTest
Build
ShowDialog

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U3Por/PortFree Production Program/msgsva.dll
.dll windows:4 windows x86 arch:x86

31a5020b945e34d73230dde662e3c14a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

netapi32

Netbios

comctl32

ImageList_SetIconSize

Exports

Exports

AESEn
Adler32En
AntiDump
AntiFileMon
AntiRegMon
Base64En
BlowFishEn
CMD5En
CRC32BEn
CRC32En
ChangeCode
CloseWindow
CrcFileEn
Des3De
Des3En
DesDe
DesEn
GOSTEn
GetBiosID
GetCpuID
GetHDID
GetNetID
HAVAL128En
HAVAL160En
HAVAL192En
HAVAL224En
HAVAL256En
MD2En
MD4En
MD5En
RIPEMD128En
RIPEMD160En
RSAEn
SHA1En
SHA256En
SHA384En
SHA512En
SHCEn
SoftIceXP
TIGER128En
TIGER160En
TIGER192En
WinAntiDebug
WinAntiLoader

Sections

CODE
Size: 172KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
U3Por/PortFree Production Program/汉化说明.txt
U3Por/使用说明.txt
U3Por/单机游戏下载.url
.url
U3Por/安卓游戏下载.url
.url
U3Por/更多软件点击进入.url
.url
U3Por/爱淘宝-淘宝网购物分享平台.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.yfy Size: 367KB - Virtual size: 12.6MB

.yfy Size: 9KB - Virtual size: 12KB

.yfy Size: 4KB - Virtual size: 4KB

.yfy Size: 4KB - Virtual size: 4KB

991547a5a6304a396fc1ca6c44dd8d26

Headers

File Characteristics

Imports

mpr

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

31a5020b945e34d73230dde662e3c14a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

netapi32

comctl32

Exports

Exports

Sections

CODE Size: 172KB - Virtual size: 476KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

.yfy
Size: 367KB - Virtual size: 12.6MB

.yfy
Size: 9KB - Virtual size: 12KB

.yfy
Size: 4KB - Virtual size: 4KB

.yfy
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

CODE
Size: 172KB - Virtual size: 476KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B