69aaa23bac43d811b53530e85f9e12ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69aaa23bac43d811b53530e85f9e12ba_JaffaCakes118
Size

2.6MB
MD5

69aaa23bac43d811b53530e85f9e12ba
SHA1

258dbcb39113a70ff8c7e4b9ad48cdd9e760d774
SHA256

7abe50323476671f12b789cf44889883d7561fa98b9d9251b44b6bc744cac28f
SHA512

22530c24e0015b270cb0c4d27e99cd136fbf5bb4b428aaa235cdcabb6c1244944d1e30d2a0308d658f595f16eb00b753a39e4b7d0d2879ed5842f174cc9c2150
SSDEEP

49152:KQUinPb0XVelWitn4j0fmnwAduZbS1jdnQ+3/dMAflJcvKjWmq:KQUgGmWz4uwYQ21jP1M0lyvK9q

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/GerbView/encryptpdf.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/GerbView/encryptpdf.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GerbView/encryptpdf.dll
unpack002/out.upx
unpack001/GerbView/gerbview.exe

Files

69aaa23bac43d811b53530e85f9e12ba_JaffaCakes118
.rar
GerbView/Samples/50states.plt
GerbView/Samples/cmask.gbr
GerbView/Samples/demo1.gbw
GerbView/Samples/demo2.gbw
GerbView/Samples/drill.drl
GerbView/Samples/layer1.gbr
GerbView/Samples/layer2.gbr
GerbView/Samples/layer3.gbr
GerbView/Samples/layer4.gbr
GerbView/Samples/logo.bmp
GerbView/Samples/silk.gbr
GerbView/Samples/smask.gbr
GerbView/default.gba
GerbView/encryptpdf.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

veryDecryptPDF
veryEncryptPDF
veryIsPDFEncrypted
veryIsValidPDFFile
veryTestEncryptedPDF

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GerbView/gerbview.chm
.chm
GerbView/gerbview.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0RefCount@DWFUtil@@QAE@ABV01@@Z
??0RefCount@DWFUtil@@QAE@XZ
??1RefCount@DWFUtil@@UAE@XZ
??4RefCount@DWFUtil@@QAEAAV01@ABV01@@Z
??_7RefCount@DWFUtil@@6B@
?DecRef@RefCount@DWFUtil@@UAEXXZ
?IncRef@RefCount@DWFUtil@@UAEXXZ
?UnReferenced@RefCount@DWFUtil@@UAEHXZ

Sections

Size: 1.6MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 132KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 56KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 96KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GerbView/汉化新世纪.txt
GerbView/汉化说明.txt
sn.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 49KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.6MB - Virtual size: 3.7MB

Size: 132KB - Virtual size: 560KB

Size: 56KB - Virtual size: 624KB

Size: 96KB - Virtual size: 412KB

.rsrc Size: 44KB - Virtual size: 44KB

.data Size: 288KB - Virtual size: 288KB

Size: - Virtual size: 728KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 49KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 44KB - Virtual size: 44KB

.data
Size: 288KB - Virtual size: 288KB