b8720f2f629cb2b87ca7f210034fb0dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8720f2f629cb2b87ca7f210034fb0dd_JaffaCakes118
Size

378KB
MD5

b8720f2f629cb2b87ca7f210034fb0dd
SHA1

f9175c523aeb50142a06badeae338675f594048c
SHA256

3960ce219ec34cc524e2c6658de4975fe62534c0a0c3b56adbfd0c7a095d131a
SHA512

4812d776d3a382c5e457fd96f85e499c00247681095192f660b05ec3521bac284e3cb675bd64454d6f4a9d2a6b8bf6f32525a5e2645214e13c00c3d3742ad69b
SSDEEP

6144:Yq2c/5GIMWmoICc/P8nY5G0sZThQyX0kmTzXXciyBPt7HsRpcriroBDwVPKSBm14:Yq2XIetXYCGfZThQyEkYrMiyBV7HRWoQ

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/xr.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xr32.xll
unpack001/orcmn.dll
unpack001/xr.exe
unpack001/注册.exe

Files

b8720f2f629cb2b87ca7f210034fb0dd_JaffaCakes118
.rar
Xr32.xll
.xll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FileRecover
IsEnvReady
SetBreakFlag
XRecovery
xlAddInManagerInfo
xlAutoClose
xlAutoOpen
xlAutoRegister

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.inf
orcmn.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?KeyboardProc@@YGJHIJ@Z
AfterProc
CheckRegPath
CheckVersion
DrawItem
FindWindowPart
GetCurLang
GetExtStr
GetFileName
GetFilter
GetFullName
GetGrText
GetGreetingStr
GetHomeURL
GetMenuItemText
GetOEStorageDir
GetOrderURL
GetPassword
GetRecentDir
GetShortName
GetString
GetSupportEMAIL
GetSupportURL
GetUrls
HiBox
Initialize
LoadLocalMenu
Log
NotifyMsg
ORdiag
OnAbout
OnSupport
ReadProfileInt
ReadProfileString
SetRecentDir
isDAOready

Sections

nsp0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsp1
Size: 86KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 108KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xr.ico
下载说明.htm
.html .js polyglot
注册.exe
.exe windows:4 windows x86 arch:x86

66b18ad74eb7db9d498d7ab6c08faba7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
WaitForSingleObject
CreateProcessA
WriteFile
CreateFileA
GetModuleFileNameA
GetTickCount
LockResource
LoadResource
FindResourceA
GetTempPathA
CloseHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
GetModuleHandleA
GetCommandLineA

user32

LoadStringA
wsprintfA

shlwapi

StrToIntA

msvcrt

strcat
strlen
malloc
_strlwr
strcpy
strcmp

Sections

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 309KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 36KB - Virtual size: 55KB

.reloc Size: 28KB - Virtual size: 24KB

Headers

File Characteristics

Exports

Exports

Sections

nsp0 Size: - Virtual size: 292KB

nsp1 Size: 86KB - Virtual size: 93KB

Headers

File Characteristics

Sections

Size: 108KB - Virtual size: 240KB

Size: 22KB - Virtual size: 132KB

Size: 512B - Virtual size: 8KB

Size: 3KB - Virtual size: 8KB

.rsrc Size: 7KB - Virtual size: 28KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

66b18ad74eb7db9d498d7ab6c08faba7

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

msvcrt

Sections

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 36KB - Virtual size: 55KB

.reloc
Size: 28KB - Virtual size: 24KB

nsp0
Size: - Virtual size: 292KB

nsp1
Size: 86KB - Virtual size: 93KB

.rsrc
Size: 7KB - Virtual size: 28KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 4KB