Overview

overview

7

Static

static

7

地球人�...or.exe

windows7-x64

7

地球人�...or.exe

windows10-2004-x64

7

地球人�...��.exe

windows7-x64

3

地球人�...��.exe

windows10-2004-x64

3

地球人�...��.chm

windows7-x64

1

地球人�...��.chm

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    be19db4fb869697eefa8efd09c1e21d3_JaffaCakes118

  • Size

    596KB

  • MD5

    be19db4fb869697eefa8efd09c1e21d3

  • SHA1

    8b397da76c7dc6e4398b4429252f12d8bfe591ed

  • SHA256

    c1312a433e81b14f092b12604ab074cf17277297530df87c510b9c36a74073bb

  • SHA512

    d389b57eb57d1e66ea942b5a5745e153aef64ba6566b76542c3e86cb91da150e4433bb6594060a9a0b481540168b1a931b830131c53423a1338d09285efb69ac

  • SSDEEP

    12288:tvP+vpMBWxNdWM7U/PIJ66gGz9LmkB/IreMENb5TOtf0VAQeXb2:lE8WBXYYngGpLmkVIrBETeXb2

Score
7/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • be19db4fb869697eefa8efd09c1e21d3_JaffaCakes118
    .rar
  • )!双击导入.reg
  • 下载使用说明.txt
  • 地球人上网掉线终结者V1.0/Notify.wav
  • 地球人上网掉线终结者V1.0/Setting.ini
  • 地球人上网掉线终结者V1.0/Terminator.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 地球人上网掉线终结者V1.0/地球人上网掉线终结者V1.0内存注册机.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • 地球人上网掉线终结者V1.0/帮助.chm
    .chm