975d4f6e919f848ac883fb2616df47ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

975d4f6e919f848ac883fb2616df47ca_JaffaCakes118
Size

21.5MB
MD5

975d4f6e919f848ac883fb2616df47ca
SHA1

4230d03875cb1893ac4424c2644820bc3587d976
SHA256

301d444fe0b9cdd224385b0c973b307c9a7639f79755d2eba738c94b221aefab
SHA512

82db57621dfc64ab1f0050a88de32ab215b2da47d358dfe417a8226e3647e81be3e9c6ec09246ff1e9068c8d09ff0bd748adc4cac102a4788fb79be62a921b64
SSDEEP

393216:y1AGsVKuv6/dTwu2lVWyaQxmPystlKA+VYSkpIZjnWD3NIbLa6iEIB+BrXA:yaG87ETOnaimPysK7YSUinWD3MLQ+BrQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PGPDesktop906_Inner.exe
unpack001/keygen.exe

Files

975d4f6e919f848ac883fb2616df47ca_JaffaCakes118
.rar
PGPDesktop906_Inner.exe
.exe windows:4 windows x86 arch:x86

624a8ff4afb53d277363aec53238c3b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetSystemInfo
VirtualProtect
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetVersionExA
LCMapStringA
SetEndOfFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCPInfo
GetOEMCP
CreateFileW
CreateFileA
InitializeCriticalSection
VirtualQuery
InterlockedExchange
RtlUnwind
GetEnvironmentStringsW
GetTempPathA
GetCommandLineA
GetLastError
FindResourceA
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
GetProcAddress
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetACP
LCMapStringW
WideCharToMultiByte
SetFilePointer
CreateDirectoryW
CreateDirectoryA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetStdHandle
WriteFile
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

DialogBoxParamA
GetWindowLongA
BeginPaint
IsWindowEnabled
DrawTextA
EndPaint
EndDialog
GetSysColor
SetWindowLongA
SendDlgItemMessageA
SetWindowTextA
MoveWindow
SetForegroundWindow
SetTimer
LoadBitmapA
EnableWindow
SendMessageA
InvalidateRect
GetDC
ReleaseDC
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA
GetWindowRect
GetSystemMetrics
SetWindowPos
LoadStringA
MessageBoxA
MessageBoxW
GetDlgItem

gdi32

CreateDIBitmap
CreatePalette
SelectPalette
RealizePalette
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetStockObject
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
SelectObject
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PGPDesktop906_Inner.exe.sig
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html .js polyglot
安装说明.txt

Sharing

General

Malware Config

Signatures

Files

624a8ff4afb53d277363aec53238c3b8

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 124KB - Virtual size: 120KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 105KB - Virtual size: 108KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 124KB - Virtual size: 120KB

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 105KB - Virtual size: 108KB

.rsrc
Size: 1KB - Virtual size: 4KB