82a79f2544fc4064c5a602c1a0798a45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82a79f2544fc4064c5a602c1a0798a45_JaffaCakes118
Size

723KB
MD5

82a79f2544fc4064c5a602c1a0798a45
SHA1

cbb932eab000523455bfa55b0699ebee288866d0
SHA256

201d671f3d40f74c937954de337c32fbf9ae3bac83d5ca892a81a7d68271226b
SHA512

b491dc2d7587f8655044a10f2667dddc37c483d4b52d862b2d432c31da548ddb528f6a2a2b3b687967c7cdf96b0999725139a9bebcae0d30116b582b994c12e3
SSDEEP

12288:PE7ZBzuyo3fvFgNiZi6Rt990yz0TfbAFQPRuvVlFn7QefkWl4RFHwPQCzk2FuxAd:s77YvCl6R790yoT0yPwNvn71fk+WQJFL

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/留言监视器/iext.fnr	aspack_v212_v242
static1/unpack001/留言监视器/internet.fne	aspack_v212_v242
static1/unpack001/留言监视器/krnln.fnr	aspack_v212_v242
static1/unpack001/留言监视器/shell.fne	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/留言监视器/iext.fnr
unpack001/留言监视器/internet.fne
unpack001/留言监视器/krnln.fnr
unpack001/留言监视器/shell.fne
unpack001/留言监视器/留言监视器.exe

Files

82a79f2544fc4064c5a602c1a0798a45_JaffaCakes118
.rar
留言监视器/1.dat
留言监视器/2.dat
留言监视器/gmxz.htm
.html
留言监视器/gmzc.sz
留言监视器/iext.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 55KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
留言监视器/internet.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 54KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
留言监视器/krnln.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 316KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
留言监视器/nanhome.url
.url
留言监视器/readme.txt
留言监视器/save.dat
留言监视器/shell.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
留言监视器/下载说明.htm
.html .js polyglot
留言监视器/留言监视器.exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 116KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 68KB

.rsrc Size: 6KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 104KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 80KB

.rsrc Size: 3KB - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 752KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 20KB - Virtual size: 124KB

.rsrc Size: 14KB - Virtual size: 60KB

.reloc Size: 26KB - Virtual size: 68KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 36KB

.reloc Size: 1KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 1024B - Virtual size: 556B

.rdata Size: 512B - Virtual size: 404B

.ecode Size: 238KB - Virtual size: 238KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 55KB - Virtual size: 116KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 68KB

.rsrc
Size: 6KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 54KB - Virtual size: 104KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 80KB

.rsrc
Size: 3KB - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 316KB - Virtual size: 752KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 20KB - Virtual size: 124KB

.rsrc
Size: 14KB - Virtual size: 60KB

.reloc
Size: 26KB - Virtual size: 68KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 36KB

.reloc
Size: 1KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1024B - Virtual size: 556B

.rdata
Size: 512B - Virtual size: 404B

.ecode
Size: 238KB - Virtual size: 238KB

.rsrc
Size: 2KB - Virtual size: 2KB