ae64ce2bb48db788f0f2f69be340c311_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae64ce2bb48db788f0f2f69be340c311_JaffaCakes118
Size

1.1MB
MD5

ae64ce2bb48db788f0f2f69be340c311
SHA1

29e2516cc7a21bd0b20d0e851a070e84f3679a68
SHA256

59e449fb2355965d7da0466b77612a8d51dcb452912d6463b14f00bcc040ab09
SHA512

f317116bc7d525d8c590b5690eff5648bef90dcc35466580e40ffa6fa15885155b98f121df5fe67a952d5aa10f9cede58a296344d8ba3120d47ce030da7dfda1
SSDEEP

24576:OUbGLuM068KNhFJ9vVGR/1Qe2hJc1HgnW4ofhaKHYnd69N:OUlM068MhFJWR9QXgqfA1O63

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Keygen.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Imagenomic/ImagenomicPluginConsole.8li
unpack001/Imagenomic/Portraiture.8bf
unpack001/Imagenomic/Portraiture64.8bf
unpack001/Keygen.exe

Files

ae64ce2bb48db788f0f2f69be340c311_JaffaCakes118
.rar
Imagenomic/ImagenomicPluginConsole.8li
.dll windows:5 windows x86 arch:x86

8c18cbab5f70043b392bbdf6a07adb67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

GradientFill
TransparentBlt

kernel32

GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
GetProcessHeap
FreeLibrary
ReleaseMutex
CreateMutexA
GetCurrentThreadId
LocalFree
FormatMessageA
GetFileAttributesA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetLastError
GetModuleFileNameA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
Sleep
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
WaitForSingleObject
VirtualFree
CreateFileA
GetCurrentProcessId
CloseHandle
HeapFree
HeapAlloc
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateDirectoryA
CopyFileA
DeleteFileA
HeapSize
SetEnvironmentVariableA

user32

LoadImageA
GetWindowDC
ReleaseDC
DrawTextA
FillRect
GetSysColor
GetClassLongA
SetClassLongA
PeekMessageA
PostMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogIndirectParamA
MonitorFromWindow
GetMonitorInfoA
GetClientRect
EndDialog
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetDesktopWindow
GetWindow
IsZoomed
SetCapture
MonitorFromPoint
GetWindowTextA
SetWindowTextA
GetDlgItem
SetWindowLongA
CreateWindowExA
GetKeyState
SetFocus
GetFocus
LoadCursorA
SetCursor
GetWindowRect
MoveWindow
InvalidateRect
UpdateWindow
EnableWindow
RedrawWindow
ShowWindow
SetWindowPos
DestroyWindow
IsWindow
GetWindowLongA
GetCursorPos
ScreenToClient
BeginPaint
EndPaint
GetParent
TrackMouseEvent
CallWindowProcA
SetMenuItemInfoA
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetMenuItemCount
AppendMenuA
ClientToScreen
TrackPopupMenuEx
GetCapture
ReleaseCapture
IsMenu
DestroyMenu
CreatePopupMenu
SendMessageA
GetActiveWindow
MessageBoxA
GetWindowTextLengthA
SetTimer
KillTimer
DefWindowProcA

gdi32

StretchBlt
CreateDIBSection
CreateRectRgn
SelectClipRgn
SetDIBitsToDevice
GetObjectA
Polyline
Polygon
CreateCompatibleDC
DeleteDC
CreateSolidBrush
CreatePen
MoveToEx
LineTo
SetPixel
Ellipse
CreateFontIndirectA
SetICMMode
SetTextColor
SetBkMode
SelectObject
DeleteObject
GetStretchBltMode
BitBlt
CreateCompatibleBitmap
SetBrushOrgEx
SetStretchBltMode

shell32

SHGetFolderPathA
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA

Exports

Exports

AutoPluginMain
_NoisewareProc@16

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Imagenomic/Portraiture.8bf
.dll windows:5 windows x86 arch:x86

c57c8c5072c46f855c16a3efc7e57d18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

TransparentBlt
GradientFill

kernel32

VirtualFree
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
LoadLibraryA
GetProcessHeap
FreeLibrary
FreeResource
LockResource
LoadResource
FindResourceA
GetCurrentThreadId
LocalFree
FormatMessageA
GetFileAttributesA
SetProcessAffinityMask
Sleep
GetProcessAffinityMask
GetCurrentProcess
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetModuleFileNameA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualQuery
CreateFileA
GetCurrentProcessId
HeapFree
HeapAlloc
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateFileW
WriteFile
DeleteFileW
CreateDirectoryA
GetSystemInfo
CopyFileA
DeleteFileA
OutputDebugStringA
CreateThread
CreateEventA
SetEvent
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GlobalAlloc
GlobalLock
GlobalUnlock
ExitProcess
SetEnvironmentVariableA

user32

SetClassLongA
DefWindowProcA
GetSysColor
FillRect
DrawTextA
ReleaseDC
GetWindowDC
LoadImageA
KillTimer
SetTimer
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
PeekMessageA
PostMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogIndirectParamA
MonitorFromWindow
GetMonitorInfoA
GetClientRect
EndDialog
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetDesktopWindow
GetWindow
IsZoomed
SetCapture
MonitorFromPoint
GetWindowTextA
SetWindowTextA
SetWindowLongA
CreateWindowExA
GetKeyState
SetFocus
GetFocus
LoadCursorA
SetCursor
GetWindowRect
MoveWindow
InvalidateRect
UpdateWindow
RedrawWindow
ShowWindow
SetWindowPos
DestroyWindow
IsWindow
GetWindowLongA
GetCursorPos
ScreenToClient
BeginPaint
EndPaint
GetParent
TrackMouseEvent
CallWindowProcA
SetMenuItemInfoA
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetMenuItemCount
AppendMenuA
ClientToScreen
TrackPopupMenuEx
GetCapture
ReleaseCapture
IsMenu
DestroyMenu
CreatePopupMenu
SendMessageA
SetRect
GetDlgItem
EnableWindow
GetActiveWindow
MessageBoxA
GetWindowTextLengthA
GetClassLongA

gdi32

GetObjectA
Polyline
Polygon
CreateCompatibleDC
DeleteDC
CreateSolidBrush
CreatePen
MoveToEx
LineTo
SetPixel
SetDIBitsToDevice
CreateFontIndirectA
SetICMMode
SetTextColor
SetBkMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectClipRgn
CreateRectRgn
SetStretchBltMode
SetBrushOrgEx
Ellipse
StretchBlt
GetStretchBltMode
CreateDIBSection

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetFolderPathA

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA

Exports

Exports

PluginMain
_NoisewareProc@16

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Imagenomic/Portraiture64.8bf
.dll windows:5 windows x64 arch:x64

a4e6e84ba0b62c4d514f312b96c2dd9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msimg32

GradientFill
TransparentBlt

kernel32

LoadLibraryA
FreeLibrary
FreeResource
LockResource
LoadResource
FindResourceA
LocalFree
FormatMessageA
GetCurrentThreadId
GetFileAttributesA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetModuleHandleW
HeapSize
GetModuleFileNameA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetModuleHandleExW
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetCommandLineA
FlsSetValue
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapAlloc
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwindEx
HeapFree
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetModuleFileNameW
SetLastError
GetLastError
SetEnvironmentVariableA
GetProcAddress
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
CreateFileW
WriteFile
DeleteFileW
CreateDirectoryA
GetSystemInfo
CopyFileA
DeleteFileA
OutputDebugStringA
CreateThread
CreateEventA
SetEvent
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GlobalAlloc
GlobalLock
GlobalUnlock
SetEndOfFile
GetProcessHeap
GetFileType

user32

KillTimer
SetTimer
CloseClipboard
GetClipboardData
OpenClipboard
LoadImageA
GetWindowDC
ReleaseDC
DrawTextA
FillRect
GetSysColor
DefWindowProcA
GetClassLongPtrA
SetClassLongPtrA
PeekMessageA
PostMessageA
MonitorFromWindow
GetMonitorInfoA
GetClientRect
EndDialog
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
GetDesktopWindow
GetWindow
IsZoomed
SetCapture
MonitorFromPoint
CreateDialogIndirectParamA
GetWindowTextA
SetWindowTextA
SetWindowLongPtrA
GetKeyState
SetFocus
GetFocus
LoadCursorA
SetCursor
GetWindowRect
GetWindowLongA
MoveWindow
InvalidateRect
UpdateWindow
RedrawWindow
ShowWindow
SetWindowPos
DestroyWindow
IsWindow
GetWindowLongPtrA
GetCursorPos
ScreenToClient
BeginPaint
EndPaint
GetParent
TrackMouseEvent
CallWindowProcA
CreateWindowExA
SetMenuItemInfoA
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetMenuItemCount
AppendMenuA
ClientToScreen
TrackPopupMenuEx
GetCapture
ReleaseCapture
IsMenu
DestroyMenu
CreatePopupMenu
SendMessageA
SetRect
GetDlgItem
EnableWindow
GetActiveWindow
MessageBoxA
GetWindowTextLengthA
EmptyClipboard
SetClipboardData

gdi32

CreateCompatibleBitmap
BitBlt
GetStretchBltMode
SetBrushOrgEx
SetStretchBltMode
StretchBlt
CreateDIBSection
CreateRectRgn
SelectClipRgn
SetDIBitsToDevice
GetObjectA
Polygon
CreateCompatibleDC
DeleteDC
CreateSolidBrush
CreatePen
MoveToEx
LineTo
SetPixel
Ellipse
CreateFontIndirectA
SetICMMode
SetTextColor
SelectObject
DeleteObject
Polyline
SetBkMode

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetFolderPathA
SHGetPathFromIDListA

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA

Exports

Exports

NoisewareProc
PluginMain

Sections

.text
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Keygen.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x-force.nfo
使用说明 .txt

Sharing

General

Malware Config

Signatures

Files

8c18cbab5f70043b392bbdf6a07adb67

Headers

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 45KB - Virtual size: 44KB

c57c8c5072c46f855c16a3efc7e57d18

Headers

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 14KB - Virtual size: 92KB

.rsrc Size: 395KB - Virtual size: 394KB

.reloc Size: 74KB - Virtual size: 73KB

a4e6e84ba0b62c4d514f312b96c2dd9b

Headers

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 838KB - Virtual size: 838KB

.rdata Size: 321KB - Virtual size: 321KB

.data Size: 19KB - Virtual size: 105KB

.pdata Size: 50KB - Virtual size: 49KB

.rsrc Size: 395KB - Virtual size: 394KB

.reloc Size: 46KB - Virtual size: 45KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 540KB

UPX1 Size: 71KB - Virtual size: 72KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 45KB - Virtual size: 44KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 14KB - Virtual size: 92KB

.rsrc
Size: 395KB - Virtual size: 394KB

.reloc
Size: 74KB - Virtual size: 73KB

.text
Size: 838KB - Virtual size: 838KB

.rdata
Size: 321KB - Virtual size: 321KB

.data
Size: 19KB - Virtual size: 105KB

.pdata
Size: 50KB - Virtual size: 49KB

.rsrc
Size: 395KB - Virtual size: 394KB

.reloc
Size: 46KB - Virtual size: 45KB

UPX0
Size: - Virtual size: 540KB

UPX1
Size: 71KB - Virtual size: 72KB

.rsrc
Size: 6KB - Virtual size: 8KB