aff498921b4326d76f25632dc02b43a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aff498921b4326d76f25632dc02b43a3_JaffaCakes118
Size

922KB
MD5

aff498921b4326d76f25632dc02b43a3
SHA1

b79ff9196cfee2ff73653bf1e66be14da18642f9
SHA256

a0d36cde74916575b69c64047922e6ab752c07d6953c9ec34017ec670b5ba0f3
SHA512

8f5716bdea53a7c5aa6a5b3a5e49b3852ae359d78ec845abcaba4568fc392e72f39e82c66156befe0caa5ba6fd930aba1346dcfd5bf7937e3f5c8f45182351a3
SSDEEP

24576:4/G4huN/+XqBIp69RLxyuXGyUpog10p3YV+Po:4/G2k/C2EuPUpog12Po

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ctbanlv.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ctbanlv.exe
unpack002/out.upx

Files

aff498921b4326d76f25632dc02b43a3_JaffaCakes118
.rar
ct_data_zh_CN.xml
.xml
ctbanlv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 776KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 55KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ctbanlv.up
ii23_zx/1-13级均可使用（能达到每个级别的速度上限，且最省雇员，餐室不一样请使用自动进位功能）X=11Y=12.ii23_zx
ii23_zx/新云软件.url
.url
ii23_zx/自动最优化摆桌.jpg
.jpg
ii23_zx/自动最优化摆桌X=8Y=7.ii23_zx
ii23_zx/自动最优化摆桌说明.txt
保留原配置及账号方法、帮助文档.txt
免责声明 .txt
无法打开请看.txt
更新日志.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 776KB - Virtual size: 780KB

.rsrc Size: 13KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 1.8MB - Virtual size: 1.8MB

DATA Size: 16KB - Virtual size: 15KB

BSS Size: - Virtual size: 55KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 37B

.reloc Size: 125KB - Virtual size: 125KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 776KB - Virtual size: 780KB

.rsrc
Size: 13KB - Virtual size: 16KB

CODE
Size: 1.8MB - Virtual size: 1.8MB

DATA
Size: 16KB - Virtual size: 15KB

BSS
Size: - Virtual size: 55KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 37B

.reloc
Size: 125KB - Virtual size: 125KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB