9341fb58fc48e45feba814150f84d6b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9341fb58fc48e45feba814150f84d6b0_JaffaCakes118
Size

452KB
MD5

9341fb58fc48e45feba814150f84d6b0
SHA1

53718d5b07119d26a32c9a2966f4b4ef5b3d8478
SHA256

2870dba02afc7f013927e8cbd9bfed5453193bc622248efa757c933496461551
SHA512

57d1071510b66c83620d5e1588e24c848b7a031daec55d9ab8aea2844063e6bdb32dbd72747ac0cc4fc92765677c1dc854dca9e5aec6ddcbbb925464e73a1428
SSDEEP

6144:g6t/rlUUSLj8hEqgVPeQ4toXye5cp58hzcOFgA2CCDNS8MUJ67JwjKRuMs/h:9UVjTqgUQZye88RcOaA2CCZWJwd/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/ux32w.dll

Files

9341fb58fc48e45feba814150f84d6b0_JaffaCakes118
.rar
real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/RealDe.ini
real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/readme.txt
real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/real2010年3月30日管家婆可自定义信息模拟锁（四版通用）/ux32w.dll
.dll windows:1 windows x86 arch:x86

432fec53809891f274d358b5e7acd537

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType

advapi32

RegCloseKey

oleaut32

SysAllocStringLen

Exports

Exports

SFNTsntlActivateLicense
SFNTsntlCleanup
SFNTsntlDecrementCounter
SFNTsntlGetContactServer
SFNTsntlGetFullStatus
SFNTsntlGetHardLimit
SFNTsntlGetKeyType
SFNTsntlGetLicense
SFNTsntlGetVersion
SFNTsntlInitialize
SFNTsntlLockData
SFNTsntlQueryLicense
SFNTsntlQueryLicenseDecrement
SFNTsntlQueryLicenseLease
SFNTsntlQueryLicenseSimple
SFNTsntlReadLease
SFNTsntlReadString
SFNTsntlReadValue
SFNTsntlReleaseLicense
SFNTsntlSetContactServer
SFNTsntlSetHeartBeat
SFNTsntlSetProtocol
SFNTsntlSetSharedLicense
SFNTsntlUnlockData
SFNTsntlWriteString
SFNTsntlWriteValue
��"\w��L ��UDQ��O�=��no�T��]�T{��!U�۝Pэ� �� ̻,S�'\2[u�]O0E�:�/�)�zk�93� $-�6��98"|J @�N��اn(��C7u��7�B��8�Ag�8�� <�<�-ǆ�?A�;��U��JHF{�}� ��#P�DU׵��E�2D��]!�|L˺U�s&i6�J5q͉7��W$�T�lH;Z�u��g��EJBE:D�l�>�"4~��=��!䉥��K�wm��J2�=�D��嗓DO��靈* �i~��,`zÛi��>�):��)��r?�PX_�$��@�v�+��*\2yq+��hJ��)��*��H�[��2��o�勯8K_6�i_D\1Aoq�n;��W\��FԦʹώ�By��E��&R��vy]�l*��zs�nI�&.U��-�F�S��J�| �zolb�x�J��A� uӇۅ]��\�<SI��5�P3ڞ,�yؘ��Yﻺ�U��ǕL�WG��iO�Z�o'�j�4Oڿ�/ ,��p�M42��e�eu��]�d�* ��喲`ij�R��a{�7�� <�E<��l+qV��g( ECW�ԛh<k��t�A`#�j�iǇ�SqOhGX3��d��e�.߿�J�lR�Ș'�OKh��Ul�~%ir�ų�# `��Y��o X��S��rH��u/�|/ H)�� "��J��l�q�l�> ��,��-��j(P�w(�A��Q˩E�- O�*�{��o�� և�H��|u��1�,x��\��S ��q/�� x]�ӏ��k�w ɒV��V��3`�fQeY�N�LU6dͻ�%i5l (��t˨�Hq!gh��җ��j�A�s-�]�JQ!uRw��`��}a��!��Y:�م�r#w �ѭ|f Ì3�_C��c��G��5��Gr�ͦ��M~�c�G��zg4[��!b��G��p�%s� �ø�GJ��qV5R�k��3ĥ�l��G.��A`�d�M��)J��@8�*Ng�>s�章 L��!��M��I01T��i�Ӎ��vx�D��"��`�i��N��%�>|6��=��=�a�u�x}X%��(��+S��\B@�b�Ħ��#�Ž��ۡ�;�F��hlE��&w��9��z�%��*x�=��b��N��9e�,yi� ��(�)�q�/}��(��\��Վ-�� u�T�a� ��!��:(��K��F��9��^_��v"�L��I�M��_��2g��X�"X_}�]�[j��]��O=%\��g�!?��Bw[��D�47�p��DE3?�Zcz@� ��*�jg��pE�!d��穂)ENQ`o�9�y��@[p�e\֪)�"��X΅E|��Z��ҧ��鵔�� Bn�`=Q�.!֓��c(l�}ě��iJ�$�o��m��h�S�j�nW�Zd�ܦJ�)8��M�g��-�/��.�x�=��ts��Wa�Is�xk,ܡj?PV� 3��-X~��r(�3KZ��C�u��r��)fS*�{{�5ʡ8�p)%ky��X4H8E��w�M��tLY�)K��$(w'�fLs�a*�V�1��B{��Rܖ6��г#G�;�8X�S��+�h F!Yg�q �4�D��n�L�_�u��?�� PN ��]�C#��}��|rΞ�C1�� Y-܆�U��@ 1��g�4v��W�ز.i8�+�`7�ƍ��@U�ٵ9� ��/v�GgB5�Q�|��R��)��(��އ��&�i��N=��`�2��h�3#��;Ӹ�� ,��~ŠBJ��9��E <Fd��s*bJץ*�V�J}�_Fe��V��0�E��y~��"��@�'�T�\g|�j�#8{佾[;ڟ��U��D��,]�n�S��w��6Y��xf�I��vn'�w�R�'z _�k�P|@o�4�n�aJ��R�(��MtHs�d}UwIt�"�t)��jWa'/] AHA`� �+��@c��S:c��*zmJ�[U�)�C"�Vb��Z��л꥔W�k��(�}�^�RA)��X��$*�Z��jJ�3}Ӕڰ��G��cV��C��A2%�a]�"�}X��c��#v��/�&|mx��Cަ�� P��c��R�Pi�5��v��~ M2�9��}w0ۙ�I�ngG�i�P ��!4�� ?��h�+��5_�z��7��O^�Kܖ��ǟE�D�Z�G/�z�ٵaos� X��,��ݩD"�rm��~z�+�fߞo��]݁�?.�Qu}s/�/}�f'�?�ӛټ� �?qx ��W�ۧ͜?x�Yh��ډ��IZ��NqO�:��a�� v��-s��U�^»��nK��+(=r囈��9`Og�tr^GCM�}�>I��>�u'zzoxKA��pO�1{�4q٘�~�C��q=fd��(`r��Y��"�b��^�c�;эߗ82��"n;|�ۍ�͂��`r��f�.U_��3 q��m��-�?�{{�B�{��D>�p�բ;�%A��\��Mb��a9�j�z�6g��}�Ig7=K/��C��cVO��_[;+�� \;A��6� �$Y��"7z�뫶T��ӎ]��Ȑ>_��-1��Ŋ�`/��X��g�F�s.c0Y�v�<�v��$hA�Â��2D��a��`�_�Ƞ�9��Y�Ï��X灙w%��O�!��3ֵx�0��y�%��@�� /M��}�F�� y<�tQ��Y��XN��C%�3/��0l~/t�Rq�.�_K��^Y-�<z ɚ��}_4�c9��᭚��0�AJ��Hb��,��#��E��X.

Sections

CODE
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

code0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

3c9000
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3e0000
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

920000
Size: - Virtual size: 1024KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

code1
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

code2
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text1
Size: - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

text2
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

432fec53809891f274d358b5e7acd537

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

CODE Size: - Virtual size: 30KB

DATA Size: - Virtual size: 1012B

BSS Size: - Virtual size: 1KB

.idata Size: - Virtual size: 1KB

.edata Size: - Virtual size: 867B

code0 Size: - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 3KB

3c9000 Size: - Virtual size: 4KB

3e0000 Size: - Virtual size: 64KB

920000 Size: - Virtual size: 1024KB

code1 Size: - Virtual size: 259KB

.tls Size: 512B - Virtual size: 24B

code2 Size: - Virtual size: 49KB

text0 Size: - Virtual size: 4KB

text1 Size: - Virtual size: 147KB

text2 Size: 454KB - Virtual size: 453KB

.reloc Size: 512B - Virtual size: 272B

CODE
Size: - Virtual size: 30KB

DATA
Size: - Virtual size: 1012B

BSS
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 1KB

.edata
Size: - Virtual size: 867B

code0
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 3KB

3c9000
Size: - Virtual size: 4KB

3e0000
Size: - Virtual size: 64KB

920000
Size: - Virtual size: 1024KB

code1
Size: - Virtual size: 259KB

.tls
Size: 512B - Virtual size: 24B

code2
Size: - Virtual size: 49KB

text0
Size: - Virtual size: 4KB

text1
Size: - Virtual size: 147KB

text2
Size: 454KB - Virtual size: 453KB

.reloc
Size: 512B - Virtual size: 272B