326dbd1ac5705cb0f5ca8586d70a41c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

326dbd1ac5705cb0f5ca8586d70a41c2_JaffaCakes118
Size

1.9MB
MD5

326dbd1ac5705cb0f5ca8586d70a41c2
SHA1

2a41c20f79f97ca2f2b78a171cd1b545b4108216
SHA256

aa6e3a3f06fbf1a9b6fd3c03afd97abb83adcaa63e68bf41e83fe0ff2aff02e1
SHA512

c6c70cba3272743da9ce1d89e4144e1372fa1e3e2951366ab8d4cc709bcd5fe24b3ec7bca065b1b1d500a3e5d7b04ede67bac8372d6a751360e9ada921496e98
SSDEEP

49152:ViqGYlHD68IVpVA4te740wiXMJ/eC+9G5wJ:ViwHDEd4BwiXg+t

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/AutoGuarder2.3.7.350/Vdata.dll	acprotect

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AutoGuarder2.3.7.350/AutoGuarder.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/LiveUpdate.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/Update.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/Vdata.dll	upx
static1/unpack001/AutoGuarder2.3.7.350/arvmon.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/kill_auto.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/kill_folder.exe	upx
static1/unpack001/AutoGuarder2.3.7.350/kill_meex.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx
unpack004/out.upx
unpack005/out.upx
unpack006/out.upx
unpack001/AutoGuarder2.3.7.350/kill_auto.exe
unpack007/out.upx
unpack001/AutoGuarder2.3.7.350/kill_folder.exe
unpack008/out.upx
unpack001/AutoGuarder2.3.7.350/kill_meex.exe
unpack009/out.upx

Files

326dbd1ac5705cb0f5ca8586d70a41c2_JaffaCakes118
.rar
AutoGuarder2.3.7.350/AutoGuarder.exe
.exe windows:5 windows x86 arch:x86

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

Issuer

CN=Root Agency

Not Before

31-03-2010 16:00

Not After

30-12-2011 16:00

Subject

CN=任软工作室,O=任豪,1.2.840.113549.1.9.1=#0c156275677265706f72744072656e736f66742e6f7267

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:2e:3e:26:dc:1b:26:3d:d1:d6:57:46:f4:16:b4:2d:1c:f4:a9:8c
Signer

Actual PE Digest

b4:2e:3e:26:dc:1b:26:3d:d1:d6:57:46:f4:16:b4:2d:1c:f4:a9:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 310KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/LiveUpdate.exe
.exe windows:5 windows x86 arch:x86

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

Issuer

CN=Root Agency

Not Before

31-03-2010 16:00

Not After

30-12-2011 16:00

Subject

CN=任软工作室,O=任豪,1.2.840.113549.1.9.1=#0c156275677265706f72744072656e736f66742e6f7267

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:6e:74:db:1c:4a:b6:fb:be:7f:29:f9:f5:93:e8:07:02:cc:72:b7
Signer

Actual PE Digest

d7:6e:74:db:1c:4a:b6:fb:be:7f:29:f9:f5:93:e8:07:02:cc:72:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/Settings.ini
AutoGuarder2.3.7.350/Update.exe
.exe windows:5 windows x86 arch:x86

Code Sign

4f:33:86:8c:49:55:da:7f:bc:bf:1e:d7:13:bf:c5:b6:fe:46:85:ca
Signer

Actual PE Digest

4f:33:86:8c:49:55:da:7f:bc:bf:1e:d7:13:bf:c5:b6:fe:46:85:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/Vdata.dll
.dll windows:5 windows x86 arch:x86

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

Issuer

CN=Root Agency

Not Before

31-03-2010 16:00

Not After

30-12-2011 16:00

Subject

CN=任软工作室,O=任豪,1.2.840.113549.1.9.1=#0c156275677265706f72744072656e736f66742e6f7267

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:ad:69:0d:79:d7:92:2a:6b:52:1a:06:04:48:fd:86:3b:31:f0:bc
Signer

Actual PE Digest

0a:ad:69:0d:79:d7:92:2a:6b:52:1a:06:04:48:fd:86:3b:31:f0:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CheckWData
CleanupReg
DoFindVirus
FindVirus
FindVirus2
GetVirusCount
GetVirusName
InitData
InitDll2

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 286KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/Warning.WAV
AutoGuarder2.3.7.350/arvmon.exe
.exe windows:5 windows x86 arch:x86

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

Issuer

CN=Root Agency

Not Before

31-03-2010 16:00

Not After

30-12-2011 16:00

Subject

CN=任软工作室,O=任豪,1.2.840.113549.1.9.1=#0c156275677265706f72744072656e736f66742e6f7267

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:0f:64:0a:21:ad:30:0d:61:f8:7d:aa:bd:28:2c:3d:1c:cc:ae:66
Signer

Actual PE Digest

34:0f:64:0a:21:ad:30:0d:61:f8:7d:aa:bd:28:2c:3d:1c:cc:ae:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/kill_auto.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/kill_folder.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 480KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 979KB - Virtual size: 978KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/kill_meex.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGuarder2.3.7.350/更新日志.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

b4:2e:3e:26:dc:1b:26:3d:d1:d6:57:46:f4:16:b4:2d:1c:f4:a9:8cSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 310KB - Virtual size: 312KB

.rsrc Size: 132KB - Virtual size: 132KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 674KB - Virtual size: 674KB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 13KB - Virtual size: 36KB

.rsrc Size: 267KB - Virtual size: 267KB

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

d7:6e:74:db:1c:4a:b6:fb:be:7f:29:f9:f5:93:e8:07:02:cc:72:b7Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 444KB

UPX1 Size: 169KB - Virtual size: 172KB

.rsrc Size: 158KB - Virtual size: 160KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 37KB - Virtual size: 37KB

Code Sign

4f:33:86:8c:49:55:da:7f:bc:bf:1e:d7:13:bf:c5:b6:fe:46:85:caSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 300KB

UPX1 Size: 80KB - Virtual size: 80KB

.rsrc Size: 136KB - Virtual size: 140KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 28KB - Virtual size: 27KB

Code Sign

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

b4:2e:3e:26:dc:1b:26:3d:d1:d6:57:46:f4:16:b4:2d:1c:f4:a9:8c
Signer

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 310KB - Virtual size: 312KB

.rsrc
Size: 132KB - Virtual size: 132KB

.text
Size: 674KB - Virtual size: 674KB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 13KB - Virtual size: 36KB

.rsrc
Size: 267KB - Virtual size: 267KB

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

d7:6e:74:db:1c:4a:b6:fb:be:7f:29:f9:f5:93:e8:07:02:cc:72:b7
Signer

UPX0
Size: - Virtual size: 444KB

UPX1
Size: 169KB - Virtual size: 172KB

.rsrc
Size: 158KB - Virtual size: 160KB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 37KB - Virtual size: 37KB

4f:33:86:8c:49:55:da:7f:bc:bf:1e:d7:13:bf:c5:b6:fe:46:85:ca
Signer

UPX0
Size: - Virtual size: 300KB

UPX1
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 136KB - Virtual size: 140KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 28KB - Virtual size: 27KB

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0a:ad:69:0d:79:d7:92:2a:6b:52:1a:06:04:48:fd:86:3b:31:f0:bc
Signer

UPX0
Size: - Virtual size: 1.8MB

UPX1
Size: 286KB - Virtual size: 288KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 541KB - Virtual size: 540KB

.rdata
Size: 806KB - Virtual size: 806KB

.data
Size: 4KB - Virtual size: 637KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 82KB - Virtual size: 82KB

02:9e:d3:fb:08:60:7b:9b:4b:b2:5d:59:51:1c:13:e0
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:0f:64:0a:21:ad:30:0d:61:f8:7d:aa:bd:28:2c:3d:1c:cc:ae:66
Signer

UPX0
Size: - Virtual size: 392KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 101KB - Virtual size: 104KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 196KB - Virtual size: 195KB

UPX0
Size: - Virtual size: 232KB

UPX1
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 9KB - Virtual size: 27KB

.rsrc
Size: 26KB - Virtual size: 26KB