105028dba6f94da701d6af8c5a124f03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

105028dba6f94da701d6af8c5a124f03_JaffaCakes118
Size

2.0MB
MD5

105028dba6f94da701d6af8c5a124f03
SHA1

48b658b2f8bacc1145ff1434c277fb11cbaa915a
SHA256

71a7fb790969d0f5b6165bda1e421f6f8fe8e2fcb87dcd5e778346052d538a86
SHA512

90864d0fba432a651a5bcee216bb70ffd2975eacc0927d28626e7e73ecd572652e372796d69cd97458de487da475a84aa639e8198fd93c75b102a7457e0f0f40
SSDEEP

49152:1erHJakFo3zHQaRyJ8QK3z1Ok1ER4H9mWoi4:1WTFOrQab3z1OkuR4dmF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FuckRouter.exe

Files

105028dba6f94da701d6af8c5a124f03_JaffaCakes118
.rar
FuckRouter.exe
.exe windows:5 windows x86 arch:x86

ec92692433199e4086c411c198b6facf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

GetActiveObject

advapi32

RegQueryInfoKeyW

user32

RegisterClassW

kernel32

RtlUnwind
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

msimg32

AlphaBlend

gdi32

GetRgnBox

version

GetFileVersionInfoSizeW

ole32

IsEqualGUID

comctl32

ImageList_BeginDrag

imm32

ImmAssociateContext

urlmon

CoInternetCreateSecurityManager

wininet

FindFirstUrlCacheEntryExW

shell32

Shell_NotifyIconW

comdlg32

GetOpenFileNameW

oleacc

LresultFromObject

winmm

sndPlaySoundW

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Policy/ALCATEL SpeedTouch511e.ini
Policy/ALPHA AFW-GR55 mini.ini
Policy/ALPHA K3.ini
Policy/ALPHA V4.ini
Policy/ASUS WL530g.ini
Policy/AboveCable ACRT2010-11.ini
Policy/Alpha GR50.ini
Policy/D-Link DI-504.ini
Policy/D-Link DI-524.ini
Policy/D-Link DI-524M.ini
Policy/D-Link DI-604+.ini
Policy/D-Link DI-604.ini
Policy/D-Link DI-624+A.ini
Policy/D-Link DI-808HV.ini
Policy/D-Link DIR-300.ini
Policy/FAST FR40.ini
Policy/HL-RT700.ini
Policy/Hi-Spider Hotel_V3.ini
Policy/HuaWei 3COM BR104.ini
Policy/HuaWei 3COM BR204+.ini
Policy/HuaWei WBR204G+.ini
Policy/HuaWei WBR204G.ini
Policy/KINGNET KN-S1060.ini
Policy/KINGNET KN-S1060T.ini
Policy/KINGNET KN-WR710H.ini
Policy/LINKSYS WRT54G.ini
Policy/LINKSYS WRT54GC.ini
Policy/LinkSYS BEFSR41.ini
Policy/LinkSYS BEFW11S4.ini
Policy/LinkSYS WRK54G(2).ini
Policy/LinkSYS WRK54G.ini
Policy/Mercury MW54R.ini
Policy/Mercury Soho MR804.ini
Policy/NetCore 2105+NR.ini
Policy/NetCore 2505+NR.ini
Policy/NetCore 2805NR.ini
Policy/NetCore 605GR.ini
Policy/NetCore NR+205.ini
Policy/NetShare R-1200.ini
Policy/NetShare R-1800.ini
Policy/Netgear WGR614.ini
Policy/SMC SMC7004VBR.ini
Policy/TP-Link 402M.ini
Policy/TP-Link TD-8810.ini
Policy/TP-Link TL-R402M.ini
Policy/TP-Link TL-R410.ini
Policy/TP-Link TL-R460.ini
Policy/TP-Link TL-WR340G V5.ini
Policy/TP-Link TL-WR340G.ini
Policy/TP-Link TL-WR641G 642G.ini
Policy/Tenda NAT Router.ini
Policy/Tenda TEI402.ini
Policy/Tenda TEI402M.ini
Policy/Tenda TEI480T+.ini
Policy/Tenda TEI6606.ini
Policy/Tenda TEI6608.ini
Policy/Tenda TEI6608S 2.ini
Policy/Tenda TEI6608S.ini
Policy/Tenda TEI6611S.ini
Policy/Tenda W541R.ini
Policy/Wealnet R-2804P.ini
Policy/Wealnet R-2808M.ini
Policy/新云软件.url
.url
使用说明.txt
更新历史.txt
注意事项.txt

Sharing

General

Malware Config

Signatures

Files

ec92692433199e4086c411c198b6facf

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

imm32

urlmon

wininet

shell32

comdlg32

oleacc

winmm

Sections

.text Size: - Virtual size: 1.5MB

.itext Size: - Virtual size: 5KB

.data Size: - Virtual size: 32KB

.bss Size: - Virtual size: 24KB

.idata Size: - Virtual size: 13KB

.tls Size: - Virtual size: 72B

.rdata Size: - Virtual size: 24B

.vmp0 Size: - Virtual size: 115KB

.rsrc Size: 8KB - Virtual size: 252KB

.vmp1 Size: - Virtual size: 1.1MB

.vmp2 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 512B - Virtual size: 120B

.text
Size: - Virtual size: 1.5MB

.itext
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 32KB

.bss
Size: - Virtual size: 24KB

.idata
Size: - Virtual size: 13KB

.tls
Size: - Virtual size: 72B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 115KB

.rsrc
Size: 8KB - Virtual size: 252KB

.vmp1
Size: - Virtual size: 1.1MB

.vmp2
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 512B - Virtual size: 120B