8b3837b448cf42f98b2300ae6d3b35c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8b3837b448cf42f98b2300ae6d3b35c5_JaffaCakes118
Size

1.3MB
MD5

8b3837b448cf42f98b2300ae6d3b35c5
SHA1

5e958ca5b01e71e93f0641b15d89527ac0fa1614
SHA256

135ed62f47576c389d01603e3cae39c7f6bd889e32afe1b909a662ee4a04a1e4
SHA512

0cb8b9b2f9491009967c29e6df1b9301b6b6d1b27f46f1570a471adaec6aaaf64d65296337eb380abc12746101591b50cb4dcae26daadd9547cdaa1dc90ffe92
SSDEEP

24576:4mQE+5fga+VjUHbIRxpp5KfXLNoDaZBG4wAHfVwieh0YIFM5J3Ehti+2yZYl83QZ:4mQ/5n+2bIRnKfLyU04jHfVArr3F+FZs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/天涯易栈编程助手/UPDATE.exe	upx
static1/unpack001/天涯易栈编程助手/天涯易栈编程助手.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/天涯易栈编程助手/UPDATE.exe
unpack001/天涯易栈编程助手/data/pslsg.dll
unpack001/天涯易栈编程助手/天涯易栈编程助手.exe

Files

8b3837b448cf42f98b2300ae6d3b35c5_JaffaCakes118
.rar
天涯易栈编程助手/UPDATE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
天涯易栈编程助手/data/Config.ini
天涯易栈编程助手/data/dat.lst
天涯易栈编程助手/data/pslsg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f2c3a8ffe62eddb65323621d30a75f77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetLastError
GetTickCount
GetWindowsDirectoryA
GetSystemTime
GlobalSize
GetVersionExA
WideCharToMultiByte
MulDiv
FreeLibrary
LoadLibraryA
lstrcpyA
GlobalAlloc
GlobalLock
MultiByteToWideChar
GlobalUnlock
GlobalFree
lstrlenA
LocalAlloc
InterlockedDecrement

user32

SetMenu
LoadMenuA
PostMessageA
GetSubMenu
GetCursorPos
GetMenuState
CheckMenuItem
EnableMenuItem
LoadBitmapA
ClientToScreen
GetDesktopWindow
FillRect
SetCursor
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
RegisterClipboardFormatA
SetTimer
TabbedTextOutA
GrayStringA
GetFocus
ScreenToClient
CloseClipboard
ReleaseDC
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
InvertRect
ClipCursor
SetClipboardData
CopyIcon
GetDoubleClickTime
IsWindowVisible
WindowFromPoint
SetRectEmpty
LoadImageA
GetClassInfoA
PtInRect
GetClientRect
KillTimer
GetDC
GetWindowLongA
GetParent
InvalidateRect
SendMessageA
CallWindowProcA
DefWindowProcA
LoadCursorA
ReleaseCapture
GetMessagePos
GetCapture
SetCapture
SystemParametersInfoA
OffsetRect
InflateRect
DrawEdge
GetWindowRect
EnableWindow
CopyRect
GetSystemMetrics
RedrawWindow
IsWindow
EmptyClipboard
GetSysColor
DrawFrameControl
DrawTextA
DrawFocusRect
SetWindowLongA
SetRect

gdi32

EnumFontsA
GetStockObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
ExtCreatePen
DeleteDC
CreateDCA
GetTextColor
GetCurrentObject
SelectObject
GetDeviceCaps
TextOutA
Escape
CreateFontIndirectA
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateSolidBrush
StartDocA
StartPage
EndPage
EndDoc
AbortDoc
PatBlt
CreatePalette
GetBkColor
GetObjectA
Rectangle
GetTextMetricsA
SetBkColor
SetTextColor
ExtTextOutA
RectVisible
PtVisible

winspool.drv

EnumPrintersA
DeviceCapabilitiesA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
GetPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ole32

StgCreateDocfile
CoUninitialize
CoInitialize

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi

riched20

ord4

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

mfc42

ord4081
ord3080
ord2986
ord3269
ord4466
ord3260
ord4624
ord2983
ord2384
ord2954
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord5008
ord4603
ord5825
ord723
ord3946
ord423
ord1614
ord2541
ord4949
ord5033
ord6370
ord2795
ord4459
ord4743
ord3138
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord1243
ord342
ord1182
ord1577
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord4667
ord4668
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord1575
ord1116
ord1132
ord3148
ord860
ord825
ord800
ord858
ord922
ord926
ord2818
ord540
ord535
ord823
ord4278
ord6282
ord2614
ord537
ord939
ord539
ord1601
ord1832
ord5651
ord3663
ord1641
ord2414
ord3619
ord3626
ord4275
ord6199
ord2864
ord4218
ord2578
ord3402
ord2411
ord2023
ord6055
ord4078
ord1776
ord4398
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3582
ord616
ord567
ord3874
ord2080
ord925
ord3317
ord613
ord5789
ord2860
ord289
ord6283
ord2575
ord3574
ord4396
ord609
ord1795
ord3089
ord2379
ord5875
ord5787
ord283
ord2859
ord4284
ord4299
ord6880
ord4407
ord3742
ord3692
ord809
ord818
ord556
ord2152
ord1233
ord4809
ord755
ord470
ord1088
ord2122
ord641
ord2513
ord293
ord3693
ord5791
ord5788
ord472
ord2753
ord2754
ord940
ord4204
ord6648
ord924
ord6779
ord2763
ord4202
ord6662
ord5216
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord5440
ord6383
ord5450
ord6394
ord941
ord5794
ord4083
ord1938
ord1270
ord1232
ord1168
ord2380
ord6215
ord2086
ord6172
ord5981
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord4268
ord5086
ord4454
ord4497
ord5883
ord4163
ord4147
ord6625
ord686
ord807
ord384
ord554
ord6615
ord2862
ord2408
ord3571
ord2096
ord1146
ord2920
ord5884
ord2921
ord2012
ord3708
ord781
ord5572
ord4277
ord2915
ord2919
ord4220
ord2584
ord3654
ord1644
ord2438
ord804
ord656
ord6070
ord3061
ord3486
ord5937
ord6270
ord2863
ord5821
ord3662
ord414
ord713
ord5604
ord5859
ord640
ord2405
ord6189
ord5785
ord1640
ord323
ord3754
ord2634
ord6128
ord3752
ord4133
ord4297
ord801
ord541
ord6663
ord2764
ord5265
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord3610
ord324
ord2294
ord2362
ord2301
ord2302
ord4234
ord4710
ord6334
ord2370
ord2516
ord361
ord2366
ord2587
ord4406
ord3394
ord3729
ord4376
ord483
ord763
ord3092
ord4853
ord2364
ord2642
ord3721
ord795
ord3067
ord482
ord1783
ord2938
ord5655
ord2645
ord6197
ord6605
ord6141
ord6143
ord6883
ord2740
ord2801
ord3920
ord2065
ord1871
ord1567
ord268
ord4129
ord5678
ord5736
ord3797
ord5608
ord6781
ord3811
ord5933
ord3337
ord6741
ord6508
ord6919
ord6613
ord6766
ord1949
ord812
ord2841
ord1200
ord1205
ord1176
ord4160
ord559
ord2809
ord2970
ord4287
ord2450
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6021
ord5873
ord5579
ord6061
ord5864
ord3596
ord5571
ord6194
ord3573
ord5053
ord2243
ord2504
ord4042
ord1829
ord6144
ord3989
ord3984
ord5862
ord2233
ord4045
ord5610
ord2107
ord4224
ord4333
ord3127
ord3616
ord798
ord1997
ord6407
ord5194
ord536
ord350
ord533
ord5466
ord6877
ord665
ord603
ord1979
ord1969
ord273
ord353
ord2784
ord4544
ord3274
ord4622
ord3579
ord439
ord736
ord5495
ord5685
ord4226
ord5683
ord2089
ord6778
ord816
ord562
ord3719
ord793
ord6929
ord5710
ord6379
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326

msvcrt

__CxxFrameHandler
_CIpow
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_ftol
atol
_mbscmp
atoi
atof
_purecall
malloc
free
memmove
_mbsnbcpy
wcslen
_msize
realloc
strtol
strncpy
strtoul
strtod
rand
srand
time
localeconv
sprintf
_EH_prolog
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Draw
ImageList_Replace
ImageList_GetImageCount
ord8
ImageList_GetImageInfo

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1ostrstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??1_Lockit@std@@QAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_7runtime_error@std@@6B@
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
天涯易栈编程助手/天涯易栈编程助手.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 799KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 620KB

UPX1 Size: 265KB - Virtual size: 268KB

.rsrc Size: 9KB - Virtual size: 12KB

f2c3a8ffe62eddb65323621d30a75f77

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

riched20

imm32

mfc42

msvcrt

comctl32

msvcp60

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 60KB - Virtual size: 59KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 8.6MB

UPX1 Size: 799KB - Virtual size: 800KB

.rsrc Size: 72KB - Virtual size: 76KB

UPX0
Size: - Virtual size: 620KB

UPX1
Size: 265KB - Virtual size: 268KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 60KB - Virtual size: 59KB

UPX0
Size: - Virtual size: 8.6MB

UPX1
Size: 799KB - Virtual size: 800KB

.rsrc
Size: 72KB - Virtual size: 76KB