83393245a5cfccfecc77c5a21fb4a1b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83393245a5cfccfecc77c5a21fb4a1b5_JaffaCakes118
Size

5.6MB
MD5

83393245a5cfccfecc77c5a21fb4a1b5
SHA1

7a2e3055bbae559a6b05a5693b17f334d7f22a26
SHA256

1a03b938dc17887c0a6513e62309915baac887d0812da38030e7a7663fab7e63
SHA512

dd01af67344b273d51486903bb3cee823d34212ddecf76ea0bbb3b0c4125c6cd88d0ecbc61998573720d510d4236b64354766e8f157c8dcb3f05bad751f7ce3e
SSDEEP

98304:gvZ9U9bVBQO4wAmt+9tUcHMNEH0XMHCxpF+GDgGfySuhEezpA+m75V3O+mXzll3h:gB9sZBr4wzt8KaMGHFizFNDgGftuhEer

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jiamiceshi-v6.5/加密王安装程序/BOSS客户端安装程序/客户机安装.exe
unpack001/jiamiceshi-v6.5/加密王安装程序/客户端安装程序/客户机安装.exe
unpack002/客户机安装.exe
unpack001/jiamiceshi-v6.5/加密王安装程序/客户端安装程序/环境配置工具.exe
unpack001/jiamiceshi-v6.5/加密王安装程序/打印和卸载程序/打印.时间.卸载设置.exe
unpack001/jiamiceshi-v6.5/加密王安装程序/批量加密/Microsoft.VisualBasic.Compatibility.dll
unpack001/jiamiceshi-v6.5/加密王安装程序/批量加密/Microsoft.VisualBasic.dll
unpack001/jiamiceshi-v6.5/加密王安装程序/批量加密/zh-CHS/Microsoft.VisualBasic.resources.dll
unpack001/jiamiceshi-v6.5/加密王安装程序/批量加密/批量加解密.exe

Files

83393245a5cfccfecc77c5a21fb4a1b5_JaffaCakes118
.rar
jiamiceshi-v6.5/加密王安装程序/AUTORUN.INF
jiamiceshi-v6.5/加密王安装程序/BOSS客户端安装程序/data.bat
jiamiceshi-v6.5/加密王安装程序/BOSS客户端安装程序/客户机安装.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qu_donghai\file_encrypt\管理机\网伦管理机_兼容加密_脱机控制\setup_f_WL\obj\Debug\客户机安装.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/logo.ico
jiamiceshi-v6.5/加密王安装程序/安装使用方法.doc
.doc windows office2003
jiamiceshi-v6.5/加密王安装程序/安装必须/说明.txt
jiamiceshi-v6.5/加密王安装程序/客户端安装程序/data.bat
jiamiceshi-v6.5/加密王安装程序/客户端安装程序/客户机安装.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qu_donghai\file_encrypt\管理机\网伦管理机_兼容加密_脱机控制\setup_f_WL\obj\Debug\客户机安装.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/客户端安装程序/客户端安装程序.rar
.rar
data.bat
客户机安装.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qu_donghai\file_encrypt\管理机\网伦管理机_兼容加密_脱机控制\setup_f_WL\obj\Debug\客户机安装.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/客户端安装程序/环境配置工具.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

ANVI
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

QINQ
Size: 164KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jiamiceshi-v6.5/加密王安装程序/客户端安装程序/说明.txt
jiamiceshi-v6.5/加密王安装程序/打印和卸载程序/打印.时间.卸载设置.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\华陵软件 DotNet版\安装配置程序\网伦图档保镖设置程序\图档保镖设置程序\obj\Debug\加密王设置.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/批量加密/Microsoft.VisualBasic.Compatibility.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\VS70Builds\3077\vsbuilt\retail\bin\i386\complus\Microsoft.VisualBasic.Compatibility.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 143B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/批量加密/Microsoft.VisualBasic.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.VisualBasic.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/批量加密/zh-CHS/Microsoft.VisualBasic.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/批量加密/批量加解密.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qu_donghai\file_encrypt\管理机\批量加解密_兼容加密\batch_EN_全加密\batch_EN\obj\Debug\批量加解密.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jiamiceshi-v6.5/加密王安装程序/服务端安装程序/网伦加密王.msi
.msi
jiamiceshi-v6.5/相关资料/DM资料.doc
.doc windows office2003
jiamiceshi-v6.5/相关资料/加密王技术大纲对比其它加密软件.doc
.doc windows office2003
jiamiceshi-v6.5/相关资料/精选成功案例.pdf
.pdf
jiamiceshi-v6.5/相关资料/解决方案.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 116KB - Virtual size: 114KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 116KB - Virtual size: 114KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 116KB - Virtual size: 114KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Sections

ANVI Size: - Virtual size: 292KB

QINQ Size: 164KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 8KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 52KB - Virtual size: 49KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 216KB - Virtual size: 214KB

.sdata Size: 4KB - Virtual size: 143B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 276KB - Virtual size: 272KB

.sdata Size: 4KB - Virtual size: 129B

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

.text
Size: 116KB - Virtual size: 114KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 116KB - Virtual size: 114KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 116KB - Virtual size: 114KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

ANVI
Size: - Virtual size: 292KB

QINQ
Size: 164KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 52KB - Virtual size: 49KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 216KB - Virtual size: 214KB

.sdata
Size: 4KB - Virtual size: 143B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 276KB - Virtual size: 272KB

.sdata
Size: 4KB - Virtual size: 129B

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 12B