8505d1cd7770a42443e9671672e9570f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8505d1cd7770a42443e9671672e9570f_JaffaCakes118
Size

623KB
MD5

8505d1cd7770a42443e9671672e9570f
SHA1

ed4fa3526589427523017b738257cd91b3ab4978
SHA256

b8297a67fa973cd8bc65443c81b4e806b868160b4c63866e9f5d7370f50da015
SHA512

eeb5c0fb778fee9b27d8e99b98c904906b496effc899faf1784a5aa4ca6e39df7e0992c1a6fa00e47e294faed16058ec14cca0399c6534c7794b0a078f0a346c
SSDEEP

12288:a0tDwqnXFPQc/oErC3xxmhooqpnAGtVnoMgq4QGY4Mq8mYC:zNCBk6DHobq4Mq8/C

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/MyIE.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MyIE.exe
unpack001/Plugin/SnapShot/CameraDll.dll
unpack001/Plugin/SnapShot/SnapShot.exe

Files

8505d1cd7770a42443e9671672e9570f_JaffaCakes118
.rar
Language/ChineseGB.ini
MyIE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 267KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MyIE.exe.manifest
.xml
MyIEHelp.htm
.html
Plugin/FlashSaveGB/FlashSave.html
.html .js polyglot
Plugin/FlashSaveGB/hot.ico
Plugin/FlashSaveGB/plugin.ini
Plugin/KillAd/killad.htm
.html .js polyglot
Plugin/KillAd/killad.ico
Plugin/KillAd/plugin.ini
Plugin/MouseUnlock/MouseUnlock.htm
.html .js polyglot
Plugin/MouseUnlock/MouseUnlock.ico
Plugin/MouseUnlock/plugin.ini
Plugin/PageZoomMore/icon.ico
Plugin/PageZoomMore/plugin.ini
Plugin/PageZoomMore/script.htm
.html
Plugin/SnapShot/CameraDll.dll
.dll windows:4 windows x86 arch:x86

1c21b3d3e16117724ac2ad804c0c0eed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3136
ord4465
ord2985
ord3081
ord2976
ord3259
ord3262
ord3830
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord3831
ord561
ord815
ord2514
ord6467
ord641
ord795
ord3953
ord3663
ord5450
ord6394
ord823
ord5440
ord6383
ord5265
ord4998
ord6052
ord825
ord1775
ord4407
ord4078
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord2859
ord2864
ord324
ord4234
ord4853
ord4376
ord4710
ord2379
ord6453
ord5241
ord3626
ord2414
ord4133
ord4297
ord5788
ord2982
ord3147
ord6197
ord6380
ord772
ord5860
ord500
ord6055
ord1776
ord5290
ord3402
ord3721
ord818
ord567
ord2302
ord4299
ord1146
ord1168
ord654
ord341
ord3571
ord800
ord5981
ord6195
ord6215
ord613
ord3920
ord289
ord2086
ord4274
ord816
ord5781
ord1641
ord562
ord4476
ord5875
ord6199
ord2301
ord6334
ord2452
ord1175
ord535
ord2818
ord4160
ord540
ord640
ord5785
ord1640
ord323
ord860
ord3619
ord755
ord6172
ord5789
ord470
ord2754
ord3610
ord656
ord4275
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord5714
ord5289
ord5307
ord4698
ord4079
ord472
ord6119
ord3693
ord3706
ord1116
ord1176
ord1197
ord1575
ord1577
ord1182
ord342
ord1243
ord269
ord1570
ord1253
ord1255
ord1578
ord600
ord826

msvcrt

malloc
__CxxFrameHandler
strcmp
memcpy
memset
_purecall
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
free
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

LocalFree
Sleep
GetPrivateProfileIntA
CreateMutexA
GetLastError
CloseHandle
LocalAlloc
WritePrivateProfileStringA

user32

SetClipboardData
EmptyClipboard
CloseClipboard
LoadCursorA
LoadIconA
SetCursor
GetClientRect
PostMessageA
LoadBitmapA
ReleaseCapture
GetCursorPos
SetCapture
EnableWindow
GetParent
ScreenToClient
WindowFromPoint
GetWindowRect
InvalidateRect
KillTimer
OffsetRect
GetClassNameA
PtInRect
EqualRect
SetTimer
IsRectEmpty
SetRect
SetRectEmpty
GetWindowDC
ReleaseDC
SendMessageA
ShowWindow
GetDesktopWindow
GetWindow
GetWindowLongA
OpenClipboard

gdi32

SelectObject
GetDeviceCaps
BitBlt
GetPixel
CreateRectRgn
DeleteDC
CreateCompatibleDC
CreateBitmapIndirect
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
GetStockObject

Exports

Exports

CameraSubArea
CameraWindow
CameraWindowLikeSpy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSHARE
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/SnapShot/SnapShot.exe
.exe windows:4 windows x86 arch:x86

d8ac346f6f2ffd1c9d9c3d1ed6730991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
GetProcAddress
LoadLibraryA
Sleep
GetFileType
GetEnvironmentVariableA
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
FreeLibrary
GetStdHandle
GetCPInfo
GetStringTypeW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA

user32

MessageBoxA
LoadIconA
RegisterClassExA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugin/ViewPage/ViewPage_cn.htm
.html .js polyglot
Plugin/ViewPage/plugin.ini
Plugin/ViewPage/readme.txt
Plugin/ViewPage/v.ico
Resource/CollectorScript.txt.default
.js
Resource/DownManager.ini.default
.vbs
Resource/Filter.ini.default
Resource/MyIE.ini.default
Resource/PopFilter.WAV
Resource/Proxy.ini.default
.js
Resource/RESOURCE.HTM
.html
Resource/SearchEngine.ini.default
Resource/Start.htm
.html .js polyglot
Resource/StartEn.htm
.html .js polyglot
Resource/baidu.ico
Resource/function.js
.js
Resource/google.ico
Resource/image.ico
Resource/shopping.ico
Skin/Cartoon/BackGround.bmp
Skin/Cartoon/FavBar.bmp
Skin/Cartoon/Go.bmp
Skin/Cartoon/MainTool16.bmp
Skin/Cartoon/MainTool24.bmp
Skin/Cartoon/MainToolGray16.bmp
Skin/Cartoon/MainToolGray24.bmp
Skin/Cartoon/Skin.ini
Skin/Cartoon/StatusTool.bmp
Skin/Cartoon/SystemBar.bmp
Skin/Cartoon/TaskBar.bmp
Skin/Default/BackGround.bmp
Skin/Default/FavBar.bmp
Skin/Default/Go.bmp
Skin/Default/MainAnimIcon.bmp
Skin/Default/MainMenu.bmp
Skin/Default/MainTool16.bmp
Skin/Default/MainTool24.bmp
Skin/Default/MainToolGray16.bmp
Skin/Default/MainToolGray24.bmp
Skin/Default/SearchBar.bmp
Skin/Default/StatusTool.bmp
Skin/Default/SystemBar.bmp
Skin/Default/TaskBar.bmp
Skin/Grid/BackGround.bmp
Skin/Grid/FavBar.bmp
Skin/Grid/Go.bmp
Skin/Grid/MainAnimIcon.bmp
Skin/Grid/StatusTool.bmp
Skin/Grid/SystemBar.bmp
Skin/Grid/TaskBar.bmp
thanks.txt
安装必读.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 267KB - Virtual size: 664KB

.rdata Size: 34KB - Virtual size: 148KB

.data Size: 9KB - Virtual size: 52KB

.rsrc Size: 32KB - Virtual size: 120KB

.aspack Size: 14KB - Virtual size: 16KB

.adata Size: - Virtual size: 4KB

1c21b3d3e16117724ac2ad804c0c0eed

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4KB

.MYSHARE Size: 4KB - Virtual size: 8B

.rsrc Size: 36KB - Virtual size: 32KB

.reloc Size: 4KB - Virtual size: 3KB

d8ac346f6f2ffd1c9d9c3d1ed6730991

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 267KB - Virtual size: 664KB

.rdata
Size: 34KB - Virtual size: 148KB

.data
Size: 9KB - Virtual size: 52KB

.rsrc
Size: 32KB - Virtual size: 120KB

.aspack
Size: 14KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4KB

.MYSHARE
Size: 4KB - Virtual size: 8B

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 19KB