2943e0c6467b739c4e49d2503b00b92c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2943e0c6467b739c4e49d2503b00b92c_JaffaCakes118
Size

372KB
MD5

2943e0c6467b739c4e49d2503b00b92c
SHA1

dbf4c2e324042d536d8f1cfe4e2ef19e145e9707
SHA256

08b2e8d22e414ce6fbfa778f5590169ae030d0dff446a66db97260145f85ed51
SHA512

228493312729b55ff6e822b9140a93ddec0a597a3516f0134e2d113854906895b21c77ba0ae09b848f07415b566c02b133a8cd03f4dc670923cf9e87f5014249
SSDEEP

6144:/2J/sQ0TR7m1zDOAjI36sxwr5BU6fTzcjModD7FcHnfPPwoMh5tt1dgRmAMn67aE:/qsJRamAjc6NJTzUDJcH3n0LomlZmRjz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/淘宝刷收藏精灵v5.3/淘宝刷收藏精灵v5.3.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/淘宝刷收藏精灵v5.3/SkinH_VB6.dll
unpack001/淘宝刷收藏精灵v5.3/淘宝刷收藏精灵v5.3.exe
unpack002/out.upx

Files

2943e0c6467b739c4e49d2503b00b92c_JaffaCakes118
.rar
淘宝刷收藏精灵v5.3/SkinH_VB6.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
淘宝刷收藏精灵v5.3/pro.ini
淘宝刷收藏精灵v5.3/skinh.she
淘宝刷收藏精灵v5.3/使用说明.txt
淘宝刷收藏精灵v5.3/淘宝刷收藏精灵v5.3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 295KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 324KB

UPX1 Size: 295KB - Virtual size: 296KB

.rsrc Size: 40KB - Virtual size: 44KB

Headers

File Characteristics

Sections

.text Size: 552KB - Virtual size: 548KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 44KB - Virtual size: 40KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

UPX0
Size: - Virtual size: 324KB

UPX1
Size: 295KB - Virtual size: 296KB

.rsrc
Size: 40KB - Virtual size: 44KB

.text
Size: 552KB - Virtual size: 548KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 44KB - Virtual size: 40KB