2507f8fd4880b6b7a9f0f46b8d70187a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2507f8fd4880b6b7a9f0f46b8d70187a_JaffaCakes118
Size

12.5MB
MD5

2507f8fd4880b6b7a9f0f46b8d70187a
SHA1

9262dc458f595ccaad93836d1bd5d576c373f5a0
SHA256

9022a561d23778acdba97745e8f3cbb00a05e3e9c15fd5ea1413c0079fde79ef
SHA512

1645812df7000ea98e50be519888817727305accc2ba7dee26f6c501bb52a4be9be67f29ca62d9234a0b26bc974d418a6fa08279271cc5b8e3b4221e925bb8ea
SSDEEP

393216:T7/iJC/92jtuyA3XZWHHFEWlpCize/40Bi7Ep1:T7/GM2hyQmy8F

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/taobaosend/Update.exe	aspack_v212_v242
static1/unpack001/taobaosend/taobaosend.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/taobaosend/Update.exe
unpack001/taobaosend/taobaosend.exe
unpack001/taobaosend/淘宝旺旺群发设定教程.exe

Files

2507f8fd4880b6b7a9f0f46b8d70187a_JaffaCakes118
.rar
taobaosend/Update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 236KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
taobaosend/backup/_desktop.ini
taobaosend/config.ini
taobaosend/filter.txt
taobaosend/lastbackupmsg.txt
.txt .rtf
taobaosend/loginuser.xml
taobaosend/runlog/_desktop.ini
taobaosend/sendlog.txt
taobaosend/taobaosend.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 436KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
taobaosend/update/_desktop.ini
taobaosend/update/update.ini
taobaosend/usertxt/20060531_1_38728.txt
taobaosend/usertxt/20060531_2_50000.txt
taobaosend/usertxt/20060531_3_50000.txt
taobaosend/usertxt/20060531_4_50000.txt
taobaosend/usertxt/20060531_5_36849.txt
taobaosend/usertxt/20060910_1_30000.txt
taobaosend/usertxt/20060910_2_30000.txt
taobaosend/usertxt/20060910_3_30000.txt
taobaosend/usertxt/20060910_4_30000.txt
taobaosend/usertxt/20060910_5_30000.txt
taobaosend/usertxt/20060910_6_30000.txt
taobaosend/usertxt/20060910_7_41163.txt
taobaosend/usertxt/20061130-1.txt
taobaosend/usertxt/20061130-2.txt
taobaosend/usertxt/20061130-3.txt
taobaosend/usertxt/20061130-4.txt
taobaosend/usertxt/20061130-5.txt
taobaosend/usertxt/20061130-6.txt
taobaosend/usertxt/_desktop.ini
taobaosend/usertxt/上海.txt
taobaosend/usertxt/云南贵州四川.txt
taobaosend/usertxt/其它无位置信息.txt
taobaosend/usertxt/内蒙古新疆西藏宁夏青海甘肃黑龙江.txt
taobaosend/usertxt/北京.txt
taobaosend/usertxt/吉林安徽.txt
taobaosend/usertxt/天津.txt
taobaosend/usertxt/山东.txt
taobaosend/usertxt/广东.txt
taobaosend/usertxt/广西海南海外.txt
taobaosend/usertxt/江苏.txt
taobaosend/usertxt/江西辽宁陕西山西.txt
taobaosend/usertxt/河南河北.txt
taobaosend/usertxt/浙江.txt
taobaosend/usertxt/湖南湖北.txt
taobaosend/usertxt/澳门香港台湾.txt
taobaosend/usertxt/福建.txt
taobaosend/usertxt/重庆.txt
taobaosend/安装说明.url
.url
taobaosend/淘宝旺旺群发设定教程.exe
.exe windows:4 windows x86 arch:x86

5ef438826adc5824d56306292b3547a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Source\cvs_sflash\cvs_sflash\Sf\sfplayer\qarbon_release\sfplayer.pdb

Imports

urlmon

CreateURLMoniker
RegisterBindStatusCallback

kernel32

LoadResource
FindResourceA
SizeofResource
MultiByteToWideChar
lstrlenA
MulDiv
GetThreadLocale
GetVersion
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchange
LoadLibraryA
CreateFileA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
LockResource
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetProcAddress
ReadFile
CloseHandle
GetLastError
GetVersionExA
GetModuleFileNameA
CopyFileA
BeginUpdateResourceA
DeleteFileA
UpdateResourceA
EndUpdateResourceA
GetOEMCP
SetEndOfFile
WriteFile
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetACP
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
GetCPInfo

user32

SetWindowLongA
ReleaseDC
LoadAcceleratorsA
ShowWindow
UpdateWindow
GetMessageA
TranslateAcceleratorA
DispatchMessageA
TranslateMessage
GetWindowInfo
GetMenuBarInfo
SetWindowTextA
LoadIconA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
FillRect
GetDC
GetWindowLongA
SetMenu
DefWindowProcA
SetWindowPos
GetDesktopWindow
InvalidateRect
DialogBoxParamA
GetMenu
CheckMenuItem
EnableMenuItem
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
GetDlgItem
SetFocus
EndDialog
GetWindowRect
MoveWindow
CopyRect
GetClientRect
MessageBoxA

gdi32

GetStockObject
CreateSolidBrush
DeleteObject
GetObjectA
DPtoLP
GetMapMode
SetMapMode
LPtoDP
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc

oleaut32

OleCreateFontIndirect
SysAllocString
VariantClear
VariantChangeType

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 236KB - Virtual size: 604KB

DATA Size: 3KB - Virtual size: 12KB

BSS Size: - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 26KB - Virtual size: 124KB

.aspack Size: 8KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 436KB - Virtual size: 1.1MB

DATA Size: 6KB - Virtual size: 16KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 84KB

.rsrc Size: 106KB - Virtual size: 324KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

5ef438826adc5824d56306292b3547a1

Headers

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

CODE
Size: 236KB - Virtual size: 604KB

DATA
Size: 3KB - Virtual size: 12KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 26KB - Virtual size: 124KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 436KB - Virtual size: 1.1MB

DATA
Size: 6KB - Virtual size: 16KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 84KB

.rsrc
Size: 106KB - Virtual size: 324KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB