a7f99425aa082eca8ec4d7bf4cd37b90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7f99425aa082eca8ec4d7bf4cd37b90_JaffaCakes118
Size

854KB
MD5

a7f99425aa082eca8ec4d7bf4cd37b90
SHA1

e26029f77521b4d5f7b4b49b59d93ff39aa594fa
SHA256

c2ff5c24be4251cf89ced812c93857242b530c1c4fd1c9c758a8a2a7f85da5db
SHA512

bdd15ce45696f347c318854bb2165802cb576605b9be00818e7e3743e9c92fc6bcfd2788a4e3aa82448127115eb6d487d1c067c2fc5fe58af7a0b3d33037d76d
SSDEEP

24576:vsX7C9AFctJTb+iM9Bq3Pk+v+dCRXp+Lz4igo02mdCAl7dzAabT:M74nJTb+h7IXv+deKliqav

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Ancer/DiskSerial.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Ancer/DiskSerial.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ancer/Ancer.exe
unpack001/Ancer/DiskSerial.dll
unpack002/out.upx
unpack001/Ancer/SkinMagic.dll

Files

a7f99425aa082eca8ec4d7bf4cd37b90_JaffaCakes118
.rar
Ancer/Ancer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

SVKP
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SVKP
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ancer/DiskSerial.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetBufferSize
GetCPUSerialNumber
GetDiskCylinders
GetDiskHeads
GetDiskSerial
GetModelNumber
GetRevisionNumber
GetSectorsOfTrack
GetSerialNumber

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ancer/Help.chm
.chm
Ancer/HlidSave.dat
Ancer/SkinMagic.dll
.dll windows:4 windows x86 arch:x86

403b27bd9a607ff93ce1d5b944950ef7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
SizeofResource
lstrcpynA
lstrcmpiA
FindResourceA
lstrcpyA
lstrcatA
LoadResource
LockResource
lstrlenA
GetProcessHeap
CreateEventA
CloseHandle
SetEvent
DeleteFileA
WaitForSingleObject
GetTempFileNameA
GetTempPathA
LeaveCriticalSection
FlushInstructionCache
RaiseException
HeapSize
ReadFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
SetEndOfFile
InterlockedExchange
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
Sleep
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
LoadLibraryA
GetProcAddress
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
MulDiv
EnterCriticalSection
GetVersion
ExitProcess
InitializeCriticalSection
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
FreeLibrary
VirtualProtect
CreateThread
GetSystemTime
GetCommandLineA

user32

DrawIconEx
EndPaint
BeginPaint
DrawEdge
ReleaseCapture
SetCapture
IsWindowVisible
CopyAcceleratorTableA
GetSysColor
CharUpperBuffA
GetDC
GetIconInfo
GetWindowTextA
DrawFrameControl
IsWindowEnabled
DestroyIcon
DrawStateA
GetFocus
EnableWindow
SetWindowWord
GetWindowWord
IntersectRect
DrawIcon
ValidateRect
EqualRect
IsMenu
DrawMenuBar
GetWindowPlacement
SubtractRect
FindWindowA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSysColorBrush
CopyRect
MapWindowPoints
SetRect
FrameRect
InflateRect
WindowFromDC
GetMessagePos
SetCursor
SetFocus
GetCapture
SetForegroundWindow
SetTimer
UpdateWindow
UnregisterClassA
wsprintfA
KillTimer
PtInRect
ClientToScreen
ScreenToClient
InvalidateRect
CreatePopupMenu
AppendMenuA
GetCursorPos
DestroyMenu
GetMenuItemInfoA
FillRect
GetSystemMetrics
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
GetMenu
SetMenu
LoadCursorA
DestroyWindow
GetClassLongA
GetDesktopWindow
LockWindowUpdate
OffsetRect
IsRectEmpty
GetWindowInfo
GetWindow
IsIconic
IsZoomed
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetWindowRect
GetClientRect
SetWindowRgn
SetWindowPos
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
GetPropA
CallWindowProcA
DefWindowProcA
DispatchMessageA
GetMessageA
IsWindow
UnhookWindowsHookEx
DrawTextA
GetSystemMenu
SetWindowsHookExA
GetParent
GetWindowLongA
GetActiveWindow
GetClassNameA
SendMessageA
CallNextHookEx
CreateWindowExA
RegisterClassExA

gdi32

CombineRgn
CreateRectRgn
CreateRectRgnIndirect
BitBlt
GetStockObject
CreateSolidBrush
ExtCreateRegion
GetRegionData
DeleteDC
GetDIBits
CreateICA
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
RealizePalette
SelectPalette
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
Polygon
RestoreDC
SetBkMode
DeleteObject
CreateFontIndirectA
GetTextExtentPointA
CreateDIBitmap
CreateDIBSection
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
RectVisible
StretchDIBits
PtInRegion
ExcludeClipRect
GetPixel
ExtFloodFill
LineTo
MoveToEx
CreatePen
TextOutA
GetTextExtentPoint32A
IntersectClipRect
SelectClipRgn
GetRgnBox
ExtTextOutA
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
SaveDC
OffsetRgn

shell32

ExtractIconExA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_Create
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
ImageList_GetIcon
ImageList_Draw

Exports

Exports

CloseSkinData
CreateImageList
CreateSkinImageRectRegion
CreateSkinImageSectionRegion
DisableWindowScrollbarSkin
DrawSkinImageRect
DrawSkinImageSection
DrawSkinTextEffect
EnableCaptionButtons
EnableWindowScrollbarSkin
ExitSkinMagicLib
GetCaptionButtonState
GetSkinBool
GetSkinColor
GetSkinControlBkColor
GetSkinControlColor
GetSkinControlFont
GetSkinControlID
GetSkinControlRect
GetSkinDWORD
GetSkinFont
GetSkinImageSectionMargins
GetSkinInt
GetSkinMagicErrorCode
GetSkinMenu
GetSkinString
GetSkinTransparentColor
InitSkinMagicLib
LoadSkinFile
LoadSkinFromResource
OpenSkinData
RedrawCaptionStatic
RegisterSkinWindow
RemoveDialogSkin
RemoveWindowSkin
SetCaptionButtonState
SetDialogSkin
SetShapeWindowSkin
SetSingleDialogSkin
SetSkinMenu
SetSkinWindowAccelerator
SetWindowMainMenuImage
SetWindowSkin
TrackSkinPopupMenu
TrackSkinPopupMenuEx
UnregisterSkinWindow

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ancer/Wingsofts.gif
Ancer/setup.ini
Ancer/skin/Devior.smf
Ancer/skin/Kromo.smf
Ancer/skin/KromoBlue.smf
Ancer/skin/Tusk.smf
Ancer/skin/corona.smf
Ancer/skin/futuraIII.smf
Ancer/skin/x-plus.smf
Ancer/skin/xpsteel.smf
Ancer/下载说明.url
下载说明.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

SVKP Size: - Virtual size: 236KB

SVKP Size: 174KB - Virtual size: 174KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 22KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

403b27bd9a607ff93ce1d5b944950ef7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 20KB - Virtual size: 87KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 20KB - Virtual size: 17KB

SVKP
Size: - Virtual size: 236KB

SVKP
Size: 174KB - Virtual size: 174KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 20KB - Virtual size: 87KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 20KB - Virtual size: 17KB