b3cd0521780245a4cc2167d04906ac67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3cd0521780245a4cc2167d04906ac67_JaffaCakes118
Size

1.5MB
MD5

b3cd0521780245a4cc2167d04906ac67
SHA1

f756e18b856f47e821a0bb5576cefb88985a0871
SHA256

e837f8fb289c8887391929ebaac104acf7401cb7b94118d72c2630a74dff2bd9
SHA512

0b50e448050ccd98220cbefbeaea9a8ee0638c96ef537927b4986923215e45c00b10a5d73290c69856ab71a994d34aa3a6e7f6e6ea9be0bfd849014a45b6af75
SSDEEP

24576:ZiA/oMjHVChidECvFgXzcWOauWgDs66hKfBZCstJ4goVZre3JcuYRf1tEgEOxBFb:ZRZYidEvXFODPs6EKfptJ4goHe6RNtEe

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Butterfly Rome.exe	aspack_v212_v242
static1/unpack001/Data/Rome_Run.dll	aspack_v212_v242
static1/unpack001/Data/Rome_Win.dll	aspack_v212_v242
static1/unpack001/Updater.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Butterfly Rome.exe
unpack001/Data/Rome_Run.dll
unpack001/Data/Rome_Win.dll
unpack001/Updater.exe

Files

b3cd0521780245a4cc2167d04906ac67_JaffaCakes118
.zip
Butterfly Rome.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 362KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 22KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/Cos_Alchemy.enc
Data/Cos_Equip.enc
Data/Cos_Equip_Rare.enc
Data/Cos_Ling.enc
Data/Cos_Quest.enc
Data/Job.wav
Data/MaxStack.enc
Data/Msg.wav
Data/Name_data.enc
Data/Obj_Char.enc
Data/Overlap.enc
Data/Rome_Run.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Start_Call

Sections

.text
Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/Rome_Win.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SRO_Win_Start

Sections

.text
Size: 200KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/Skill_data.enc
Data/Sro.cur
Data/Start.wav
Data/Stop.wav
Data/Weapon_Data.enc
Data/logo.jpg
.jpg
Data/pcevent_close.jpg
.jpg
Data/pcevent_close_focus.jpg
.jpg
Data/pcevent_close_press.jpg
.jpg
Data/pcevent_window.jpg
.jpg
Data/set.jpg
.jpg
Data/set_focus.jpg
.jpg
Data/set_press.jpg
.jpg
Data/start.jpg
.jpg
Data/start_focus.jpg
.jpg
Data/start_press.jpg
.jpg
Data/stop.jpg
.jpg
Data/stop_focus.jpg
.jpg
Data/stop_press.jpg
.jpg
UpdateList.xml
.xml
Updater.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 214KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 164KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 362KB - Virtual size: 1.1MB

.rdata Size: 66KB - Virtual size: 316KB

.data Size: 22KB - Virtual size: 332KB

.rsrc Size: 9KB - Virtual size: 40KB

.aspack Size: 23KB - Virtual size: 24KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 72KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 8KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 436KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 17KB - Virtual size: 172KB

.rsrc Size: 7KB - Virtual size: 20KB

.reloc Size: 17KB - Virtual size: 72KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 214KB - Virtual size: 464KB

.rdata Size: 19KB - Virtual size: 84KB

.data Size: 17KB - Virtual size: 252KB

.rsrc Size: 7KB - Virtual size: 176KB

.aspack Size: 164KB - Virtual size: 168KB

.adata Size: - Virtual size: 4KB

.text
Size: 362KB - Virtual size: 1.1MB

.rdata
Size: 66KB - Virtual size: 316KB

.data
Size: 22KB - Virtual size: 332KB

.rsrc
Size: 9KB - Virtual size: 40KB

.aspack
Size: 23KB - Virtual size: 24KB

.adata
Size: - Virtual size: 4KB

.text
Size: 21KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 8KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 436KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 17KB - Virtual size: 172KB

.rsrc
Size: 7KB - Virtual size: 20KB

.reloc
Size: 17KB - Virtual size: 72KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 214KB - Virtual size: 464KB

.rdata
Size: 19KB - Virtual size: 84KB

.data
Size: 17KB - Virtual size: 252KB

.rsrc
Size: 7KB - Virtual size: 176KB

.aspack
Size: 164KB - Virtual size: 168KB

.adata
Size: - Virtual size: 4KB