4b9118a6e71c2dd67f5c5777248f9871_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b9118a6e71c2dd67f5c5777248f9871_JaffaCakes118
Size

1.6MB
MD5

4b9118a6e71c2dd67f5c5777248f9871
SHA1

70e37e49811a71f53e75fcb848f0a8f4bc8e6a03
SHA256

a0457d69830ac38f45f672e712b46a3ee2d57c504e251eca446c3f7b68cb8b8e
SHA512

955b8bbf806ea3856272932a3da24b8aa1ad9f5f6c8a65ff2ccd8af9cf335c1e11636891187f1d0201688f6c8a7e4732c33a21cb2c4225f90c3c35449faab65b
SSDEEP

24576:E9nvsXkv9dxQSZ75IbNmPxZ9/HVaRIXOSFNtYwmGBXCxot5YZdMg5:E9vukf5cNMxn/1MGOSZYwXBXCfdH5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VisualBat/3SOFT/IcoSprite.exe
unpack001/VisualBat/3SOFT/RegToBat.exe
unpack001/VisualBat/VisualBat.exe

Files

4b9118a6e71c2dd67f5c5777248f9871_JaffaCakes118
.rar
VisualBat/3SOFT/IcoSprite.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 180KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VisualBat/3SOFT/IcoSprite.txt
VisualBat/3SOFT/RegToBat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VisualBat/Dos_help.chm
.chm
VisualBat/Dos命令/@.txt
VisualBat/Dos命令/Arp.txt
VisualBat/Dos命令/Assoc.txt
VisualBat/Dos命令/At.txt
VisualBat/Dos命令/Atmadm.txt
VisualBat/Dos命令/Attrib.txt
VisualBat/Dos命令/Bootcfg.txt
VisualBat/Dos命令/Break.txt
VisualBat/Dos命令/Cacls.txt
VisualBat/Dos命令/Call.txt
VisualBat/Dos命令/Change .txt
VisualBat/Dos命令/Change port.txt
VisualBat/Dos命令/Change user.txt
VisualBat/Dos命令/Chcp.txt
VisualBat/Dos命令/Chdir.txt
VisualBat/Dos命令/Chkdsk.txt
VisualBat/Dos命令/Chkntfs.txt
VisualBat/Dos命令/Cipher.txt
VisualBat/Dos命令/Cls.txt
VisualBat/Dos命令/Cmd.txt
.vbs
VisualBat/Dos命令/Cmstp.txt
VisualBat/Dos命令/CommandPromptOptions.txt
VisualBat/Dos命令/Comp.txt
VisualBat/Dos命令/Compact.txt
VisualBat/Dos命令/Convert.txt
VisualBat/Dos命令/Date.txt
VisualBat/Dos命令/Defrag.txt
VisualBat/Dos命令/DiskPart.txt
.vbs
VisualBat/Dos命令/Diskcomp.txt
VisualBat/Dos命令/Diskcopy.txt
VisualBat/Dos命令/Doskey.txt
VisualBat/Dos命令/Driverquery.txt
VisualBat/Dos命令/Endlocal.txt
VisualBat/Dos命令/Eventcreate.txt
VisualBat/Dos命令/Eventquery.txt
VisualBat/Dos命令/Eventtriggers.txt
VisualBat/Dos命令/Evntcmd.txt
VisualBat/Dos命令/Exit.txt
VisualBat/Dos命令/Expand.txt
VisualBat/Dos命令/Flattemp.txt
VisualBat/Dos命令/Goto.txt
VisualBat/Dos命令/IF.txt
VisualBat/Dos命令/Irftp.txt
VisualBat/Dos命令/Net view.txt
VisualBat/Dos命令/Pause.txt
VisualBat/Dos命令/Query process.txt
VisualBat/Dos命令/Query termserver.txt
VisualBat/Dos命令/Query user.txt
VisualBat/Dos命令/Relog.txt
VisualBat/Dos命令/Rem.txt
VisualBat/Dos命令/Reset session.txt
VisualBat/Dos命令/Secedit.txt
VisualBat/Dos命令/Setlocal.txt
VisualBat/Dos命令/Shift.txt
VisualBat/Dos命令/Tracerpt.txt
VisualBat/Dos命令/Typeperf.txt
VisualBat/Dos命令/W32tm.txt
VisualBat/Dos命令/append.txt
.vbs
VisualBat/Dos命令/batch.txt
VisualBat/Dos命令/buffers.txt
VisualBat/Dos命令/change logon.txt
VisualBat/Dos命令/choice.txt
VisualBat/Dos命令/color.txt
VisualBat/Dos命令/concepts.txt
VisualBat/Dos命令/copy.txt
VisualBat/Dos命令/country.txt
VisualBat/Dos命令/cprofile.txt
VisualBat/Dos命令/debug.txt
VisualBat/Dos命令/del.txt
VisualBat/Dos命令/device.txt
VisualBat/Dos命令/devicehigh.txt
VisualBat/Dos命令/dir.txt
VisualBat/Dos命令/dos.txt
VisualBat/Dos命令/dosonly.txt
VisualBat/Dos命令/driveparm.txt
VisualBat/Dos命令/echo.txt
VisualBat/Dos命令/echoconfig.txt
VisualBat/Dos命令/edit.txt
VisualBat/Dos命令/edlin.txt
VisualBat/Dos命令/exe2bin.txt
VisualBat/Dos命令/fastopen.txt
VisualBat/Dos命令/fc.txt
VisualBat/Dos命令/fcbs.txt
VisualBat/Dos命令/files.txt
VisualBat/Dos命令/filters.txt
VisualBat/Dos命令/find.txt
VisualBat/Dos命令/findstr.txt
VisualBat/Dos命令/finger.txt
VisualBat/Dos命令/for.txt
.vbs
VisualBat/Dos命令/forcedos.txt
VisualBat/Dos命令/format.txt
VisualBat/Dos命令/fsutil.txt
VisualBat/Dos命令/ftp.txt
VisualBat/Dos命令/ftype.txt
.vbs
VisualBat/Dos命令/getmac.txt
VisualBat/Dos命令/gpresult.txt
VisualBat/Dos命令/graftabl.txt
VisualBat/Dos命令/graphics.txt
VisualBat/Dos命令/help.txt
VisualBat/Dos命令/helpctr.txt
VisualBat/Dos命令/hostname.txt
VisualBat/Dos命令/how_to.txt
VisualBat/Dos命令/index.txt
VisualBat/Dos命令/install.txt
VisualBat/Dos命令/ipconfig.txt
VisualBat/Dos命令/ipsecmd.txt
VisualBat/Dos命令/ipxroute.txt
VisualBat/Dos命令/label.txt
VisualBat/Dos命令/lastdrive.txt
VisualBat/Dos命令/loadfix.txt
VisualBat/Dos命令/loadhigh.txt
VisualBat/Dos命令/lodctr.txt
VisualBat/Dos命令/lpq.txt
VisualBat/Dos命令/lpr.txt
VisualBat/Dos命令/macfile.txt
VisualBat/Dos命令/mem.txt
VisualBat/Dos命令/mkdir.txt
VisualBat/Dos命令/mmc.txt
VisualBat/Dos命令/mode.txt
VisualBat/Dos命令/more.txt
VisualBat/Dos命令/mountvol.txt
VisualBat/Dos命令/move.txt
VisualBat/Dos命令/msiexec.txt
VisualBat/Dos命令/msinfo.txt
VisualBat/Dos命令/nbtstat.txt
VisualBat/Dos命令/net accounts.txt
VisualBat/Dos命令/net computer.txt
VisualBat/Dos命令/net config.txt
VisualBat/Dos命令/net continue.txt
VisualBat/Dos命令/net file.txt
VisualBat/Dos命令/net group.txt
VisualBat/Dos命令/net help.txt
VisualBat/Dos命令/net helpmsg.txt
VisualBat/Dos命令/net localgroup.txt
VisualBat/Dos命令/net name.txt
VisualBat/Dos命令/net pause.txt
VisualBat/Dos命令/net print.txt
VisualBat/Dos命令/net send.txt
VisualBat/Dos命令/net session.txt
VisualBat/Dos命令/net share.txt
VisualBat/Dos命令/net start.txt
VisualBat/Dos命令/net statistics.txt
VisualBat/Dos命令/net stop.txt
VisualBat/Dos命令/net subcmds.txt
VisualBat/Dos命令/net time.txt
VisualBat/Dos命令/net use.txt
VisualBat/Dos命令/net user.txt
VisualBat/Dos命令/netsh.txt
.vbs
VisualBat/Dos命令/netstat.txt
VisualBat/Dos命令/nlsfunc.txt
VisualBat/Dos命令/nslookup.txt
VisualBat/Dos命令/ntcmdprompt.txt
VisualBat/Dos命令/ntsd.txt
VisualBat/Dos命令/openfiles.txt
VisualBat/Dos命令/pagefileconfig.txt
VisualBat/Dos命令/path.txt
VisualBat/Dos命令/pathping.txt
VisualBat/Dos命令/pbadmin.txt
VisualBat/Dos命令/pentnt.txt
VisualBat/Dos命令/percent.txt
VisualBat/Dos命令/ping.txt
VisualBat/Dos命令/popd.txt
VisualBat/Dos命令/print.txt
VisualBat/Dos命令/prncnfg.txt
VisualBat/Dos命令/prndrvr.txt
VisualBat/Dos命令/prnjobs.txt
VisualBat/Dos命令/prnmngr.txt
VisualBat/Dos命令/prnport.txt
VisualBat/Dos命令/prnqctl.txt
VisualBat/Dos命令/prompt.txt
VisualBat/Dos命令/pushd.txt
VisualBat/Dos命令/rasdial.txt
VisualBat/Dos命令/rcp.txt
VisualBat/Dos命令/recover.txt
VisualBat/Dos命令/redirection.txt
VisualBat/Dos命令/refrGP.txt
VisualBat/Dos命令/refrgp-1.txt
VisualBat/Dos命令/reg.txt
VisualBat/Dos命令/regsvr32.txt
VisualBat/Dos命令/rename.txt
VisualBat/Dos命令/replace.txt
VisualBat/Dos命令/rexec.txt
VisualBat/Dos命令/rmdir.txt
VisualBat/Dos命令/route.txt
VisualBat/Dos命令/rsh.txt
VisualBat/Dos命令/rsm.txt
VisualBat/Dos命令/runas.txt
VisualBat/Dos命令/sc.txt
VisualBat/Dos命令/schtasks.txt
VisualBat/Dos命令/set.txt
.vbs
VisualBat/Dos命令/setver.txt
VisualBat/Dos命令/share.txt
VisualBat/Dos命令/shell.txt
VisualBat/Dos命令/shutdown.txt
VisualBat/Dos命令/sort.txt
VisualBat/Dos命令/stacks.txt
VisualBat/Dos命令/start.txt
VisualBat/Dos命令/subst.txt
VisualBat/Dos命令/switches.txt
VisualBat/Dos命令/system_file_checker.txt
VisualBat/Dos命令/systeminfo.txt
VisualBat/Dos命令/taskkill.txt
VisualBat/Dos命令/tasklist.txt
VisualBat/Dos命令/tcmsetup.txt
VisualBat/Dos命令/tftp.txt
VisualBat/Dos命令/time.txt
VisualBat/Dos命令/title.txt
VisualBat/Dos命令/tracert.txt
VisualBat/Dos命令/tree.txt
VisualBat/Dos命令/type.txt
VisualBat/Dos命令/unlodctr.txt
VisualBat/Dos命令/ver.txt
VisualBat/Dos命令/verify.txt
VisualBat/Dos命令/vol.txt
VisualBat/Dos命令/vssadmin.txt
VisualBat/Dos命令/winnt32.txt
VisualBat/Dos命令/winntsw.txt
VisualBat/Dos命令/wmic.txt
VisualBat/Dos命令/xcopy.txt
VisualBat/VisualBat.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VisualBat/常用实例/1.DLL组件注册.bat
VisualBat/常用实例/2.查看电脑硬件信息.bat
VisualBat/常用实例/3.列举进程.bat
VisualBat/常用实例/4.dos下重启.bat
VisualBat/常用实例/5.删除自身.bat
VisualBat/常用实例/6.修改IE首页.bat
VisualBat/常用实例/ATTRIB修改文件属性.bat
VisualBat/常用实例/一键安装多个系统补丁.bat
VisualBat/常用实例/右键添加打开MS-DOS.bat
VisualBat/常用实例/复制自身到其他路径.bat
VisualBat/常用实例/开机启动项.bat
VisualBat/常用实例/打开网址链接.bat
VisualBat/常用实例/查看物理内存.bat
VisualBat/常用实例/查看进程使用的端口.bat
VisualBat/常用实例/查看驱动器.bat
.bat .vbs
VisualBat/常用实例/清理系统垃圾.bat
VisualBat/常用实例/结束系统进程.bat
VisualBat/常用实例/设置系统服务.bat
VisualBat/常用实例/读注册表的Run下面的值.bat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 180KB - Virtual size: 400KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 28KB

.rsrc Size: 12KB - Virtual size: 48KB

.data Size: 9KB - Virtual size: 12KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Sections

CODE Size: 768KB - Virtual size: 768KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 54B

.reloc Size: 47KB - Virtual size: 47KB

.rsrc Size: 573KB - Virtual size: 573KB

CODE
Size: 180KB - Virtual size: 400KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 12KB - Virtual size: 48KB

.data
Size: 9KB - Virtual size: 12KB

.text
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

CODE
Size: 768KB - Virtual size: 768KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 54B

.reloc
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 573KB - Virtual size: 573KB