1b4d13ac224cb5f82d144ef0c2155bb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b4d13ac224cb5f82d144ef0c2155bb6_JaffaCakes118
Size

1.1MB
MD5

1b4d13ac224cb5f82d144ef0c2155bb6
SHA1

17ac8b5a14bc1edae6b12b40e4289511ea0a7499
SHA256

bf17fb5db5b872bf665deb4abcd87ebff70c1e5bdb9d189e8dfe1a8f55eedb30
SHA512

1e6f2fb483db28373b6185f8556157ba7e34fea5a7d315cf143a2f4ea14fbd4b82b6771b6aa4ae8a9c353215f832fc297b31ae914a077e0fa2d57bffaf6e7578
SSDEEP

24576:xLwX/VtL3XKMX5ZMCfmIphOreuTmWzpIG6L+moEBHkXT3OiGSOHBS3i4+g8eg:mX/VJpXkCjzOreu6WFm+mrBEXLOlSi0G

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/FFI/VUnpackSDK.dll	acprotect
static1/unpack001/FFI/unarc.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FFI/VUnpackSDK.dll	upx
static1/unpack001/FFI/unarc.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FFI/FFI.exe
unpack001/FFI/Office.cjstyles
unpack001/FFI/VUnpackSDK.dll
unpack001/FFI/Vista.cjstyles
unpack001/FFI/unarc.dll

Files

1b4d13ac224cb5f82d144ef0c2155bb6_JaffaCakes118
.rar
FFI/FFI.exe
.exe windows:4 windows x86 arch:x86

45be66ed92dd7974c56f52ac74768f71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapReAlloc
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetDriveTypeA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
WideCharToMultiByte
GetTickCount
GetCurrentDirectoryA
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalSize
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
InitializeCriticalSection
WritePrivateProfileStringA
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
FindNextFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
ReadFile
GetFileSize
TerminateProcess
OpenThread
Thread32Next
Thread32First
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
WriteProcessMemory
Module32Next
Module32First
ReadProcessMemory
Process32Next
OpenProcess
Process32First
VirtualFreeEx
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualQueryEx
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSizeEx
GetVersion
lstrlenA
InterlockedExchange
CompareStringA
CompareStringW
MultiByteToWideChar
Sleep
DeleteFileA
CreateProcessA
FreeLibrary
GetCommandLineA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
GetModuleFileNameA
CloseHandle
CreateThread
GetCurrentProcess
FindResourceA
LoadResource
LockResource
SizeofResource
SetHandleCount

user32

InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
SetRect
MessageBeep
DestroyIcon
ReleaseCapture
SetCapture
UnregisterClassA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
DestroyMenu
InflateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetNextDlgGroupItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetWindowLongA
SendMessageA
InvalidateRect
EnableWindow
SetCursor
GetClientRect
LoadCursorA
IsWindowEnabled
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
RegisterClipboardFormatA
SetTimer
KillTimer
FillRect
PostThreadMessageA
GetWindowRect
GetCursorPos
CreatePopupMenu
AppendMenuA
LoadIconA
GetSystemMenu
EnableMenuItem
IsIconic
GetSystemMetrics
DrawIcon
RegisterWindowMessageA
CharUpperA
wsprintfA
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
LoadImageA
CreateIconIndirect
CopyIcon
GetIconInfo
GetDoubleClickTime
DrawFocusRect
SetClassLongA
SetWindowRgn
LoadStringA
DrawStateA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetScrollPos
GetScrollPos
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
CopyRect
GetScrollInfo
SetScrollInfo
DrawIconEx
SendMessageTimeoutA
GetFocus
DrawFrameControl
DrawEdge
RegisterClassW
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongW
SetWindowLongW
OffsetRect
SetWindowPos
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
SetRectEmpty

gdi32

CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
ExcludeClipRect
SetMapMode
SetStretchBltMode
CreateFontA
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
OffsetRgn
GetTextCharsetInfo
StretchBlt
CreateDIBSection
SetBrushOrgEx
CreatePalette
CreateDIBitmap
Polygon
GetDIBits
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SaveDC
RestoreDC
SetBkMode
SetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA

shell32

DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA

comctl32

_TrackMouseEvent
InitCommonControlsEx
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Destroy

shlwapi

PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
LoadTypeLi

psapi

EnumProcessModules
GetModuleFileNameExA

wsock32

gethostbyname
WSAGetLastError
socket
closesocket
WSAStartup
send
recv
htons
connect
WSACleanup

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 776KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SuCop0
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFI/Office.cjstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFI/VUnpackSDK.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetASTUnpackFun
GetASTUnpackFunArray
GetStaticUnpackFun
GetUnpackFun
InitVM
SetOEPCallBack

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FFI/Vista.cjstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FFI/readme.txt
FFI/unarc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LoadUnarcCom

Sections

UPX0
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 324KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FFI/unpack.avd
FFI/userdb.txt
FFI/新云软件.url
.url
FFI/软件说明.txt

Sharing

General

Malware Config

Signatures

Files

45be66ed92dd7974c56f52ac74768f71

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

wsock32

imagehlp

Sections

.text Size: 776KB - Virtual size: 775KB

.rdata Size: 176KB - Virtual size: 173KB

.data Size: 28KB - Virtual size: 50KB

.rsrc Size: 80KB - Virtual size: 79KB

.SuCop0 Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 72B

Headers

File Characteristics

Sections

.rsrc Size: 293KB - Virtual size: 292KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 432KB

UPX1 Size: 130KB - Virtual size: 132KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.rsrc Size: 546KB - Virtual size: 545KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 932KB

UPX1 Size: 324KB - Virtual size: 328KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 776KB - Virtual size: 775KB

.rdata
Size: 176KB - Virtual size: 173KB

.data
Size: 28KB - Virtual size: 50KB

.rsrc
Size: 80KB - Virtual size: 79KB

.SuCop0
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 72B

.rsrc
Size: 293KB - Virtual size: 292KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 432KB

UPX1
Size: 130KB - Virtual size: 132KB

.rsrc
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 546KB - Virtual size: 545KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 932KB

UPX1
Size: 324KB - Virtual size: 328KB

.rsrc
Size: 4KB - Virtual size: 4KB