ae7bca9fd9db9473d4e64f06a58a27bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae7bca9fd9db9473d4e64f06a58a27bb_JaffaCakes118
Size

1.0MB
MD5

ae7bca9fd9db9473d4e64f06a58a27bb
SHA1

f0ec6791920b005de433e2da7e1a807d04ea55b2
SHA256

04758eb512d567d4a5457b4fbff9eaaf50671fccbe9d87e8f398eace4726e71c
SHA512

01f5d2902d42dc5de6469a412ad5989dfe8268dad053904a8bcaa870f3a433d1a6e6132d80cfcc882c7387833ef85aed6367f82b272dffa580ead72e1aad6710
SSDEEP

24576:otW19pa589ZtVqgOO5kOIAPD/EDWUxL7BqH+fxe5wgLWW:otEM8jtjB5kOIyDsDWywHAxe5p

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/tiff2pdf_cmd_v2.3/ImgCvt.dll	acprotect

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/tiff2pdf_cmd_v2.3/Despeckle.dll	aspack_v212_v242
static1/unpack001/tiff2pdf_cmd_v2.3/Skewcorrect.dll	aspack_v212_v242
static1/unpack001/tiff2pdf_cmd_v2.3/tiff2pdf.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/tiff2pdf_cmd_v2.3/ImgCvt.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tiff2pdf_cmd_v2.3/Despeckle.dll
unpack001/tiff2pdf_cmd_v2.3/ImgCvt.dll
unpack001/tiff2pdf_cmd_v2.3/Skewcorrect.dll
unpack001/tiff2pdf_cmd_v2.3/tiff2pdf.exe

Files

ae7bca9fd9db9473d4e64f06a58a27bb_JaffaCakes118
.rar
tiff2pdf_cmd_v2.3/Despeckle.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?AreaOpen@@YAXPAE0HHHHH@Z
?BinaryRotation@@YAXPAE0HHHH@Z
?BinaryToGray@@YAXPAE0HH@Z
?Binary_ConnectedComponent@@YAHPAEHHPAUjBlockIndex@@AAH@Z
?CalContourDiff@@YAXPAEHHPAH@Z
?ClearRectImage@@YAXPAEHHVCRect@@@Z
?Close1@@YAXPAH0HH@Z
?Close2@@YAXPAE0HHHH@Z
?Constrict@@YAXPAEHHAAVCRect@@@Z
?Convolve1D@@YAXPAH0H0H@Z
?Convolve2D@@YAXPAE0HHPAHHH@Z
?Dilate1@@YAXPAH0HH@Z
?Dilate2@@YAXPAE0HHHH@Z
?DoExp_Filter@@YAXPANNHHN@Z
?DoGauss_Filter@@YAXPANNHHN@Z
?Erode1@@YAXPAH0HH@Z
?Erode2@@YAXPAE0HHHH@Z
?FindMinium@@YAXPAHH0@Z
?GaussDerivative_Filter@@YAXPANNHHN@Z
?GetRectImage@@YAXPAEHHVCRect@@0@Z
?GrayToBinary@@YAXPAE0HH@Z
?Histogram@@YAXPAEHHPAH@Z
?ImageArea@@YAXPAEHHAAH@Z
?JBShannon@@YAXPAEHHAAH@Z
?KSWShannon@@YAXPAEHHAAH@Z
?Manu_ConnectedComponent@@YAXPAEHHPAUConnectedComponent@@AAH@Z
?Open1@@YAXPAH0HH@Z
?Open2@@YAXPAE0HHHH@Z
?PShannon@@YAXPAEHHAAH@Z
?Print_ConnectedComponent@@YAXPAEHHPAUjBlockIndex@@AAH@Z
?ProjectionOnAxisX@@YAXPAEHHPAH@Z
?ProjectionOnAxisY@@YAXPAEHHPAH@Z
?PutRectImage@@YAXPAEHHVCRect@@0@Z
?RectConstrict@@YAXPAEHHAAVCRect@@1@Z
?RectConstrictX@@YAXPAEHHAAVCRect@@AAH@Z
?RectConstrictY@@YAXPAEHHAAVCRect@@AAH@Z
?RectHistogram@@YAXPAEHHVCRect@@PAH@Z
?RectImageArea@@YAXPAEHHVCRect@@AAH@Z
?RectProjectionOnAxisX@@YAXPAEHHVCRect@@PAH@Z
?RectProjectionOnAxisY@@YAXPAEHHVCRect@@PAH@Z
?RegionThreshold@@YAXPAE0HHVCRect@@E@Z
?Sarkar_Filter@@YAXPANNHHN@Z
?SaveBmpFile@@YAXVCString@@PAEHH@Z
?Threshold@@YAXPAE0HHE@Z
?TwoClass@@YAXPAEHHAAH@Z

Sections

.text
Size: 48KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiff2pdf_cmd_v2.3/ImgCvt.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiff2pdf_cmd_v2.3/Skewcorrect.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Corrent
GetError

Sections

.text
Size: 34KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiff2pdf_cmd_v2.3/help.html
.html
tiff2pdf_cmd_v2.3/tiff2pdf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 321KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiff2pdf_cmd_v2.3/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 92KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 20KB

.reloc Size: 5KB - Virtual size: 12KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 580KB - Virtual size: 584KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 64KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 20KB

.reloc Size: 4KB - Virtual size: 8KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 321KB - Virtual size: 768KB

.rdata Size: 17KB - Virtual size: 268KB

.data Size: 25KB - Virtual size: 128KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 20KB

.reloc
Size: 5KB - Virtual size: 12KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 580KB - Virtual size: 584KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 64KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 8KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 321KB - Virtual size: 768KB

.rdata
Size: 17KB - Virtual size: 268KB

.data
Size: 25KB - Virtual size: 128KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB