17c2c9a6a4f844af91179adb520c2af6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17c2c9a6a4f844af91179adb520c2af6_JaffaCakes118
Size

3.2MB
MD5

17c2c9a6a4f844af91179adb520c2af6
SHA1

c62b15bf59d48974af748ff4293d656b5e0305fe
SHA256

f90743bd25176b40182071c82abbd77a0669fdaeea719fd0c9798435ce23d0e5
SHA512

6950e894d79428c391035508e962fc9e8053313146d29e9200d09d047d57d1003c7f87237a0960d13b6630e7f40c812c86049646dc811398416c19e73f957a5f
SSDEEP

98304:C9QfGXUhxmCICOoK54aUkoWU3AkeghWZxTAwp:CWbIfJZtn9gccwp

Score

7^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Eric's TelNet98 v14.0-SSH/Data.cab	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Eric's TelNet98 v14.0-SSH/Setup.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Eric's TelNet98 v14.0-SSH/Data.cab	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Eric's TelNet98 v14.0-SSH (x64)/Data.cab
unpack001/Eric's TelNet98 v14.0-SSH/Data.cab

Files

17c2c9a6a4f844af91179adb520c2af6_JaffaCakes118
.rar
155绿色软件站.url
.url
Crack/Telnet98.reg
Crack/Telnet98_serials.txt
Eric's TelNet98 v14.0-SSH (x64)/Data.cab
.dll windows:4 windows x64 arch:x64

69bed30696df0bbc5e8a7c8368e811c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

FreeSid

comctl32

ord17

gdi32

LineTo

ole32

CoInitialize

oleaut32

SysFreeString

shell32

SHGetMalloc

user32

GetDC

Exports

Exports

Setup

Sections

.MPRESS1
Size: 1.4MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Eric's TelNet98 v14.0-SSH (x64)/Setup.exe
.exe windows:4 windows x64 arch:x64

067924946746a0ef0b2b4808dbf896ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/08/2010, 00:00

Not After

06/08/2011, 23:59

Subject

CN=Friedrich Datentechnik GmbH,O=Friedrich Datentechnik GmbH,L=Büttelborn,ST=Hessen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:33:bb:a2:22:3a:80:38:33:25:d7:5d:e2:a8:06:28:93:f8:89:db
Signer

Actual PE Digest

d6:33:bb:a2:22:3a:80:38:33:25:d7:5d:e2:a8:06:28:93:f8:89:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

comctl32

ord17

user32

MessageBoxA

version

VerQueryValueA

Sections

.data
Size: 18KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Eric's TelNet98 v14.0-SSH/Data.cab
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Setup

Sections

UPX0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Eric's TelNet98 v14.0-SSH/Setup.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/08/2010, 00:00

Not After

06/08/2011, 23:59

Subject

CN=Friedrich Datentechnik GmbH,O=Friedrich Datentechnik GmbH,L=Büttelborn,ST=Hessen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:0d:99:5f:13:66:31:e3:97:51:4e:0d:d6:14:2b:21:80:30:87:cb
Signer

Actual PE Digest

02:0d:99:5f:13:66:31:e3:97:51:4e:0d:d6:14:2b:21:80:30:87:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

__GetExceptDLLinfo

Sections

.text
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

69bed30696df0bbc5e8a7c8368e811c9

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

ole32

oleaut32

shell32

user32

Exports

Exports

Sections

.MPRESS1 Size: 1.4MB - Virtual size: 5.1MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 6KB

067924946746a0ef0b2b4808dbf896ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

d6:33:bb:a2:22:3a:80:38:33:25:d7:5d:e2:a8:06:28:93:f8:89:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

version

Sections

.data Size: 18KB - Virtual size: 116KB

.edata Size: 3KB - Virtual size: 3KB

.rsrc Size: 64KB - Virtual size: 63KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 3.5MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 7KB - Virtual size: 8KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

02:0d:99:5f:13:66:31:e3:97:51:4e:0d:d6:14:2b:21:80:30:87:cbSigner

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 12KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 64KB

.MPRESS1
Size: 1.4MB - Virtual size: 5.1MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

d6:33:bb:a2:22:3a:80:38:33:25:d7:5d:e2:a8:06:28:93:f8:89:db
Signer

.data
Size: 18KB - Virtual size: 116KB

.edata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 64KB - Virtual size: 63KB

UPX0
Size: - Virtual size: 3.5MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 7KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

71:c7:49:2f:ae:d7:22:f1:97:5d:e8:6d:8a:99:45:75
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

02:0d:99:5f:13:66:31:e3:97:51:4e:0d:d6:14:2b:21:80:30:87:cb
Signer

.text
Size: 13KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 12KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 64KB

.reloc
Size: - Virtual size: 4KB

.data
Size: 67KB - Virtual size: 68KB

.adata
Size: - Virtual size: 4KB