9b8006befa73aa8d755d2a75dcfa814b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9b8006befa73aa8d755d2a75dcfa814b_JaffaCakes118
Size

239KB
MD5

9b8006befa73aa8d755d2a75dcfa814b
SHA1

ce5412d129c52155935b8fdd19b93da4722f2cff
SHA256

e3741fd6269e3b58c5f3f95e2ef83549e349af47a291aee12a923751786c5c66
SHA512

2373b000c564b315724b7e27e0f9e4a55aa7116c3b62626358fb1c8258e2227dad937dbb18f7185e4f6b2eabeb51e5ef0ad55410ce5edeeb3497847013a4eb45
SSDEEP

6144:2ezw8bq8gtCCg4W7UDp5LVJ+3XI9gbjAxZi:XzVbq82g4cUDm4iAW

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/UnEBook_chn/XREADER.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UnEBook_chn/UnEBook.dll
unpack001/UnEBook_chn/UnEBook.exe
unpack001/UnEBook_chn/UnEBook_winhlp.dll
unpack001/UnEBook_chn/XREADER.exe

Files

9b8006befa73aa8d755d2a75dcfa814b_JaffaCakes118
.rar
UnEBook_chn/UnEBook.dll
.dll windows:4 windows x86 arch:x86

0f32a344288487dd83fc446d1ec351f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetFocus

shlwapi

StrRChrA

urlmon

URLDownloadToFileA

Exports

Exports

?StartFunc@@YGHPAUHWND__@@@Z
?StopFunc@@YGHXZ

Sections

.text
Size: 18KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/UnEBook.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 83KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/UnEBook.htm
.html
UnEBook_chn/UnEBook_winhlp.dll
.dll windows:4 windows x86 arch:x86

c49cb99c679d168e9fb1e6c64d97776c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SendMessageA

Exports

Exports

UnCompress

Sections

.text
Size: 57KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/XREADER.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XRG
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html
使用帮助(河东软件园).url
.url
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

0f32a344288487dd83fc446d1ec351f1

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 83KB - Virtual size: 252KB

.rsrc Size: 8KB - Virtual size: 8KB

c49cb99c679d168e9fb1e6c64d97776c

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 84KB

.bss Size: - Virtual size: 38KB

.data Size: 19KB - Virtual size: 28KB

.idata Size: 2KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 16KB

.XRG Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 252KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 57KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 84KB

.bss
Size: - Virtual size: 38KB

.data
Size: 19KB - Virtual size: 28KB

.idata
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 16KB

.XRG
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB