1005d3d9e0d5a603a2b1da6993e3f77a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1005d3d9e0d5a603a2b1da6993e3f77a_JaffaCakes118
Size

702KB
MD5

1005d3d9e0d5a603a2b1da6993e3f77a
SHA1

ae909a67ffdf73a32bb81f006062bb1c1ab8e8fb
SHA256

50cda6fbbe1d5680beb4d0c7433ee5b9c91976b098b471166c6183e15e6d6426
SHA512

bf472bd21e6d54fcd5ccb64b46eb90f701f6bbae4e86d877b8364ba4abc7ce01fa88c3f7d6fdaa2198a4457bd39935367d21e54389afc9b325171cbea0cefdeb
SSDEEP

12288:q2WB9k8+m0nlv1Nne2w+NbfGzJQ26qeWmhJDzrE3yReWARLi3Hho89/cC7hb1eg0:qBBT0Z9Nbex6qeWmhJY3fNRLSSYkiHeV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/BF2-cdkey算号器+加密器+BF2小工具/战地2序列号生成器.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BF2-cdkey算号器+加密器+BF2小工具/BF2CDChange.exe
unpack001/BF2-cdkey算号器+加密器+BF2小工具/BF2CDKeyCheck加密器.exe
unpack001/BF2-cdkey算号器+加密器+BF2小工具/BF2tool.exe
unpack001/BF2-cdkey算号器+加密器+BF2小工具/战地2序列号生成器.exe

Files

1005d3d9e0d5a603a2b1da6993e3f77a_JaffaCakes118
.rar
BF2-cdkey算号器+加密器+BF2小工具/BF2CDChange.exe
.exe windows:4 windows x86 arch:x86

0c209a48e54888d1b37dadcc99e681a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
ord644
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord616
ord617
_CIatan
ord618
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BF2-cdkey算号器+加密器+BF2小工具/BF2CDKeyCheck加密器.exe
.exe windows:4 windows x86 arch:x86

89185ca0d58ed9d985f9963dd0908ae6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dice\Projects\Bf2\Code\Tools\BF2CDKeyCheck\Release\BF2CDKeyCheck.pdb

Imports

advapi32

RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

crypt32

CryptUnprotectData
CryptProtectData

kernel32

LocalFree
FormatMessageA
GetLastError
WideCharToMultiByte
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
SetFilePointer
GetACP
GetOEMCP
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
CloseHandle

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BF2-cdkey算号器+加密器+BF2小工具/BF2tool.exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BF2-cdkey算号器+加密器+BF2小工具/战地2序列号生成器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c209a48e54888d1b37dadcc99e681a2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

89185ca0d58ed9d985f9963dd0908ae6

Headers

File Characteristics

PDB Paths

Imports

advapi32

crypt32

kernel32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 9KB

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.ecode Size: 96KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 928B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 392KB

UPX1 Size: 135KB - Virtual size: 136KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.ecode
Size: 96KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 928B

UPX0
Size: - Virtual size: 392KB

UPX1
Size: 135KB - Virtual size: 136KB

.rsrc
Size: 512B - Virtual size: 4KB