16f2231c5eae58c590a56503886d60e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16f2231c5eae58c590a56503886d60e1_JaffaCakes118
Size

1.1MB
MD5

16f2231c5eae58c590a56503886d60e1
SHA1

4689b590b4518e25c0a1efeb5c837601a97d354e
SHA256

a006e2d58d38700efebdfb0a24d568bdd28e545dbbff7798fcf126a5c1376fc7
SHA512

9cb0845e46fad949c438f42d6c0a6396bc6aabc653f67f1921debae2421aa9bed5507edb214465a1686f896f3860d418b6a5dfeba888bae4d960f69f68849f03
SSDEEP

24576:SBwdqeboVA8EzFDJd6a1mgNP98FjbXcCNY1V2eR0I31g9q3qs0:SYcezHdfF7CMCifWI3rqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Interop.jmail.dll
unpack001/IrisSkin2.dll
unpack001/jmail.dll
unpack001/剑儿服务器木马监控器.exe

Files

16f2231c5eae58c590a56503886d60e1_JaffaCakes118
.rar
Interop.jmail.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IrisSkin2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jmail.dll
.dll regsvr32 windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
server.ini
www.soft288.com.mdb
信任文件管理.jpg
.jpg
剑儿服务器木马监控器.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
发送E-MAIL.jpg
.jpg
新云软件.url
.url
日志中心.jpg
.jpg
木马查杀.jpg
.jpg
监控设置.jpg
.jpg
自定义病毒库.jpg
.jpg
说明.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 488KB - Virtual size: 485KB

.sdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 269KB - Virtual size: 268KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 162B

.reloc Size: 18KB - Virtual size: 17KB

.rsrc Size: 57KB - Virtual size: 57KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.sdata Size: 512B - Virtual size: 144B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 488KB - Virtual size: 485KB

.sdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 12B

CODE
Size: 269KB - Virtual size: 268KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 162B

.reloc
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 57KB - Virtual size: 57KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.sdata
Size: 512B - Virtual size: 144B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B