30ab4929ae529a8c4a11e07c770a91ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30ab4929ae529a8c4a11e07c770a91ca_JaffaCakes118
Size

790KB
MD5

30ab4929ae529a8c4a11e07c770a91ca
SHA1

118ae9b61add358c47893030c74a9fe8e9491578
SHA256

9d2f570b173edef184602c1c185985399182d616b519e35636a02564a03d5c23
SHA512

f65d86fe4db434b1b2002663ee5ac39af96add2e4b36b12d9db8ff9c98b90e0dc7154c12c02a3b25faf5c7dda75782fdb1fbc4359749bd92469a5769d98c8566
SSDEEP

24576:jxg5+aCBphASa8nRXdkeHm9uaSnPN+Anm:jxg5+aCBphrRN5dt+Am

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/cvery.comdel4557989332/外挂管理测试包/localhost.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comdel4557989332/外挂管理测试包/libmySQL.dll
unpack001/cvery.comdel4557989332/外挂管理测试包/localhost.exe
unpack001/cvery.comdel4557989332/外挂管理测试包/unrar3.dll
unpack001/cvery.comdel4557989332/密钥生成.exe

Files

30ab4929ae529a8c4a11e07c770a91ca_JaffaCakes118
.rar
cvery.comdel4557989332/1.ICO
cvery.comdel4557989332/Config.cfg
cvery.comdel4557989332/DES.pas
cvery.comdel4557989332/MySql.pas
.js
cvery.comdel4557989332/MySqlClass.pas
cvery.comdel4557989332/Project1.dpr
cvery.comdel4557989332/Unit1.dfm
cvery.comdel4557989332/Unit1.pas
cvery.comdel4557989332/database.sql
cvery.comdel4557989332/下载说明.htm
.html .js polyglot
cvery.comdel4557989332/外挂管理测试包/Config.cfg
cvery.comdel4557989332/外挂管理测试包/libmySQL.dll
.dll windows:4 windows x86 arch:x86

33686aba0fa35abe751ec60c59c9c2e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

getservbyname
ntohs
ioctlsocket
htons
gethostbyname
closesocket
shutdown
recv
setsockopt
send
WSACleanup
WSAStartup
WSAGetLastError
connect
socket

kernel32

GetFullPathNameA
SetEnvironmentVariableW
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
GetOEMCP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetCurrentThreadId
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
InterlockedIncrement
DeleteCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateSemaphoreA
InterlockedDecrement
Sleep
ReadFile
WriteFile
HeapDestroy
HeapCreate
CompareStringW
CompareStringA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetFileType
GetStartupInfoA
LoadLibraryA
GetCommandLineA
GetVersion
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
LCMapStringW
GetACP
VirtualFree
VirtualAlloc
RtlUnwind
SetHandleCount
GetStdHandle
IsValidCodePage
GetLocaleInfoA
SetLastError
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
LCMapStringA
GetCurrentDirectoryA
SetFilePointer
GetCPInfo
IsValidLocale
GetProcAddress
EnumSystemLocalesA
GetUserDefaultLCID
RaiseException
GetDriveTypeA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsW

advapi32

RegOpenKeyExA
RegEnumValueA
RegCloseKey

Exports

Exports

_dig_vec
bmove_upp
delete_dynamic
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
max_allowed_packet
my_casecmp
my_end
my_init
my_malloc
my_memdup
my_no_flags_free
my_realloc
my_strdup
my_thread_end
my_thread_init
myodbc_remove_escape
mysql_affected_rows
mysql_change_user
mysql_character_set_name
mysql_close
mysql_connect
mysql_create_db
mysql_data_seek
mysql_debug
mysql_drop_db
mysql_dump_debug_info
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_client_info
mysql_get_host_info
mysql_get_proto_info
mysql_get_server_info
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_row_seek
mysql_row_tell
mysql_select_db
mysql_send_query
mysql_shutdown
mysql_stat
mysql_store_result
mysql_thread_id
mysql_thread_safe
mysql_use_result
net_buffer_length
set_dynamic
strcend
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comdel4557989332/外挂管理测试包/localhost.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 268KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cvery.comdel4557989332/外挂管理测试包/unrar3.dll
.dll windows:4 windows x86 arch:x86

385277c33e14ce37089eb1876b499856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel4557989332/外挂管理测试包/拷贝支持库.bat
cvery.comdel4557989332/外挂管理测试包/测试包说明.txt
cvery.comdel4557989332/密钥生成.exe
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

.neolite
Size: 225KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: 512B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolite
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33686aba0fa35abe751ec60c59c9c2e5

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 88KB - Virtual size: 126KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

CODE Size: 268KB - Virtual size: 696KB

DATA Size: 13KB - Virtual size: 32KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 52KB

.rsrc Size: 25KB - Virtual size: 60KB

.aspack Size: 8KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

385277c33e14ce37089eb1876b499856

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 128KB

.data Size: 15KB - Virtual size: 40KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

Imports

kernel32

user32

Sections

.neolite Size: 225KB - Virtual size: 456KB

.neolite Size: 3KB - Virtual size: 8KB

.neolite Size: - Virtual size: 4KB

.neolite Size: 3KB - Virtual size: 12KB

.neolite Size: - Virtual size: 4KB

.neolite Size: 512B - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 44KB

.neolite Size: 11KB - Virtual size: 12KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 88KB - Virtual size: 126KB

.reloc
Size: 8KB - Virtual size: 7KB

CODE
Size: 268KB - Virtual size: 696KB

DATA
Size: 13KB - Virtual size: 32KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 52KB

.rsrc
Size: 25KB - Virtual size: 60KB

.aspack
Size: 8KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 127KB - Virtual size: 128KB

.data
Size: 15KB - Virtual size: 40KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.neolite
Size: 225KB - Virtual size: 456KB

.neolite
Size: 3KB - Virtual size: 8KB

.neolite
Size: - Virtual size: 4KB

.neolite
Size: 3KB - Virtual size: 12KB

.neolite
Size: - Virtual size: 4KB

.neolite
Size: 512B - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 44KB

.neolite
Size: 11KB - Virtual size: 12KB