617738da8877a9af27c10656e41bdabc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

617738da8877a9af27c10656e41bdabc_JaffaCakes118
Size

2.7MB
MD5

617738da8877a9af27c10656e41bdabc
SHA1

6d6b39349760c3fe57cbe7b76c4e08eb33fc3f72
SHA256

6f0751932b6be5dee4c180cb53737c1cbcc2b62961f78403435c5cce9cee33c0
SHA512

c92a8a37294ae0714fac8b54e5a5e1430e16ca3708d8870dfd675d439741e172142a41f032e4efa18e827720d947c94027ec09ed482c2e69fb1ebec94eece40e
SSDEEP

49152:7BOUuNiYnQSHw1/N2/hP+M5XrA+3VKrnozxYIxwZGcNNahjj0Ct6uWPziaMc1:1mNi4QSHwd8/dG+8rnexXawcDahjjntW

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/YitSNME.DLL
unpack001/YitSNME.sys
unpack001/YitSNMEM.exe
unpack001/YitSNMES.exe
unpack001/netcfg.exe

Files

617738da8877a9af27c10656e41bdabc_JaffaCakes118
.rar
Help.chm
.chm
OldWebFiles/btn1.gif
.gif
OldWebFiles/btn2.gif
.gif
OldWebFiles/chpasswd.htm
.html
OldWebFiles/gen.htm
.html
OldWebFiles/login1.gif
.gif
OldWebFiles/login2.gif
.gif
OldWebFiles/login3.gif
.gif
OldWebFiles/login4.gif
.gif
OldWebFiles/login5.gif
.gif
OldWebFiles/login6.gif
.gif
OldWebFiles/login7.gif
.gif
OldWebFiles/login8.gif
.gif
OldWebFiles/loginbg2.gif
.gif
OldWebFiles/logon.htm
.html
OldWebFiles/logout.htm
.html
OldWebFiles/下载说明.htm
.html .js polyglot
Setup.exe
.exe windows:1 windows x86 arch:x86

0657f1c54462740149906ec58c1d3de8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoCreateInstance

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

comdlg32

GetOpenFileNameA

Sections

CODE
Size: 355KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WebFiles/chpasswd.htm
.html
WebFiles/gen.htm
.html
WebFiles/images/bk2.gif
.gif
WebFiles/logon.htm
.html .js polyglot
WebFiles/logout.htm
.html .js polyglot
WebFiles/下载说明.htm
.html .js polyglot
YitSNME.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 159KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reso
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
YitSNME.sys
.sys windows:5 windows x86 arch:x86

946056d8337346f3fd2f95ad2cea663c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\code\上网管理专家\YitSNME_Demo(5.0)\Driver\objfre\i386\YitSNME.pdb

Imports

ntoskrnl.exe

_purecall
ExAllocatePoolWithTag
ObReferenceObjectByHandle
KeClearEvent
ExFreePool
RtlCompareMemory
DbgPrint
ExSystemTimeToLocalTime
RtlTimeToTimeFields
KeSetEvent
IofCompleteRequest
RtlEqualUnicodeString

ndis.sys

NdisResetEvent
NdisMRemoveMiniport
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisCloseAdapter
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisAllocatePacketPoolEx
NdisWriteErrorLogEntry
NdisMCancelTimer
NdisMSetPeriodicTimer
NdisUnicodeStringToAnsiString
NdisAllocateSpinLock
NdisFreeSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisFreePacket
NdisPacketPoolUsage
NdisQueryAdapterInstanceName
NdisGetCurrentSystemTime
NdisFreeBuffer
NdisFreeMemory
NdisAllocateBuffer
NdisAllocateMemory
NdisMInitializeTimer
NdisInitUnicodeString
NdisAllocatePacketPool
NdisFreePacketPool
NdisUnchainBufferAtFront
NdisMDeregisterDevice
NdisMRegisterDevice
NdisSetEvent
NdisMSetAttributesEx
NdisWaitEvent
NdisOpenConfiguration
NdisOpenProtocolConfiguration
NdisCloseConfiguration
NdisDeregisterProtocol
NdisIMDeregisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterAdapterShutdownHandler
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisIMAssociateMiniport
NdisMRegisterAdapterShutdownHandler
NdisTransferData
NdisGetReceivedPacket
NdisOpenAdapter
NdisTerminateWrapper
NdisInitializeWrapper
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisReadConfiguration
NdisMSleep
NdisRequest
NdisSend
NdisReturnPackets

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 128B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YitSNMEM.exe
.exe windows:1 windows x86 arch:x86

1444be7ef7423750e4cfb2f5b01b2966

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

olepro32

OleLoadPicture

comctl32

ImageList_SetIconSize

imm32

ImmGetCompositionStringW

winspool.drv

OpenPrinterA

wsock32

WSACleanup

shell32

Shell_NotifyIconA

comdlg32

GetSaveFileNameA

netapi32

Netbios

Sections

CODE
Size: 823KB - Virtual size: 33.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
YitSNMES.exe
.exe windows:1 windows x86 arch:x86

225b98e04b80ffe97732f88f9be0ed64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

wininet

InternetGetConnectedState

wsock32

WSACleanup

ws2_32

htons

iphlpapi

GetIfTable

Sections

CODE
Size: 203KB - Virtual size: 32.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
netFilter.inf
netFilterMP.inf
netcfg.exe
.exe windows:5 windows x86 arch:x86

a2f3b8ca9ae0d2c1e4c3bb2f0ce14718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_c_exit
_exit
_XcptFilter
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
wcslen
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
vwprintf
_iob
fflush
iswprint
wcscpy
exit
wcschr
wprintf
_adjust_fdiv
tolower

kernel32

GetModuleHandleA
GetLastError

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

setupapi

SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
setup.txt
update.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

0657f1c54462740149906ec58c1d3de8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

comdlg32

Sections

CODE Size: 355KB - Virtual size: 1.3MB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 159KB - Virtual size: 392KB

.reso Size: 6KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

946056d8337346f3fd2f95ad2cea663c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 768B - Virtual size: 704B

.data Size: 1.6MB - Virtual size: 1.6MB

.CRT Size: 128B - Virtual size: 32B

.STL Size: 128B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 7KB - Virtual size: 7KB

1444be7ef7423750e4cfb2f5b01b2966

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

olepro32

comctl32

imm32

winspool.drv

wsock32

shell32

comdlg32

netapi32

Sections

CODE Size: 823KB - Virtual size: 33.5MB

.rsrc Size: 22KB - Virtual size: 24KB

225b98e04b80ffe97732f88f9be0ed64

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

wininet

wsock32

ws2_32

CODE
Size: 355KB - Virtual size: 1.3MB

.rsrc
Size: 12KB - Virtual size: 16KB

CODE
Size: 159KB - Virtual size: 392KB

.reso
Size: 6KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 768B - Virtual size: 704B

.data
Size: 1.6MB - Virtual size: 1.6MB

.CRT
Size: 128B - Virtual size: 32B

.STL
Size: 128B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 7KB - Virtual size: 7KB

CODE
Size: 823KB - Virtual size: 33.5MB

.rsrc
Size: 22KB - Virtual size: 24KB

CODE
Size: 203KB - Virtual size: 32.3MB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 1024B - Virtual size: 888B