20cdc0a8987f79e1b6e7bb15f80ae9c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20cdc0a8987f79e1b6e7bb15f80ae9c5_JaffaCakes118
Size

18.1MB
MD5

20cdc0a8987f79e1b6e7bb15f80ae9c5
SHA1

4d1aeff264f21e804be2ce60a05b6b1ac0b514e9
SHA256

734c10cee33a4cd075e7c34282fce11733472aa66b5c2512042fc5c16d571a8d
SHA512

90676de216a58036e4140b3efcddf041d5f655ec1e117609c9d5cee115c02acf1d1fea4476e46d075cb67f395f122740f74cc539c5e4479357cc42d4fbd2c7e9
SSDEEP

393216:vFZDh+CLJaHpKbqwTD22PtsbNQ8B78SBRg78H4f0UQZoJo:diCLJ/bqwTMQ8B7pRg8oct

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/tiandi_sales_setup/Setup.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tiandi_sales_setup/Setup.exe
unpack001/tiandi_sales_setup/软件狗驱动安装程序.exe

Files

20cdc0a8987f79e1b6e7bb15f80ae9c5_JaffaCakes118
.rar
tiandi_sales_setup/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 494KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiandi_sales_setup/setup.ini
tiandi_sales_setup/下载说明.htm
.html .js polyglot
tiandi_sales_setup/天地青系列软件安装手册.doc
.doc windows office2003
tiandi_sales_setup/天地青进销存使用手册(单机版网络版).doc
.doc windows office2003
tiandi_sales_setup/天地青进销存流程及说明.doc
.doc windows office2003
tiandi_sales_setup/软件狗驱动安装程序.exe
.exe windows:4 windows x86 arch:x86

c6bc021c28c5b0d98cd310d30a84af9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord2976
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord2764
ord537
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord4224
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3798
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
_itoa
__CxxFrameHandler
__dllonexit
_controlfp
_onexit
_exit
_XcptFilter

kernel32

GetSystemDirectoryA
Sleep
CreateProcessA
WaitForSingleObject
GetVersionExA
GetCommandLineA
SizeofResource
LockResource
SetFileTime
FindResourceA
CompareFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
WriteFile
GetFileTime
CloseHandle
LoadResource
GetModuleFileNameA
CreateFileA

user32

SetCursor
LoadCursorA
MessageBoxA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
DrawIcon

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 494KB - Virtual size: 1.3MB

DATA Size: 7KB - Virtual size: 20KB

BSS Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 96KB

.rsrc Size: 68KB - Virtual size: 392KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

c6bc021c28c5b0d98cd310d30a84af9d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 344KB - Virtual size: 343KB

CODE
Size: 494KB - Virtual size: 1.3MB

DATA
Size: 7KB - Virtual size: 20KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 96KB

.rsrc
Size: 68KB - Virtual size: 392KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 344KB - Virtual size: 343KB