cf572d319412a8d8a7fef476abe5f924_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf572d319412a8d8a7fef476abe5f924_JaffaCakes118
Size

717KB
MD5

cf572d319412a8d8a7fef476abe5f924
SHA1

c1d56663192f11fd2790c75afde30a2582166391
SHA256

9f88ba0b7396cf6a14511dcd2118b273b802e3ab8f8c7b4e37a02a6bcd74dc0f
SHA512

c0b8a65f6f33831c0fe978db031069dee9fe663719850f45e2cce57187dc221b414a32b071878e963eb6f85a64803f77fdf7e9ec645d0db9f690073d6fbaa90e
SSDEEP

12288:vPgGNN2ThQUmZwURmT1smKSxfQ0zvLYth6Wv/O1HkHufP8Lg59q:vIy2TcZwURmxsmrlzvOvO1H3sLd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/猜猜的7500-1000免费版(1.03).exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/猜猜的7500-1000免费版(1.03).exe

Files

cf572d319412a8d8a7fef476abe5f924_JaffaCakes118
.rar
ZiSom.Com-国内最专业的奇迹私服一条龙.url
.url
下载说明.txt
奇迹私服资源下载.url
.url
如何自己开奇迹做GM.txt
注册程序.reg
猜猜的7500-1000免费版(1.03).exe
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 288KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
访问ZiSom.Com.url
.url

Sharing

General

Malware Config

Signatures

Files

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 288KB - Virtual size: 292KB

.rsrc Size: 25KB - Virtual size: 28KB

pebundle Size: 8KB - Virtual size: 12KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 15KB - Virtual size: 16KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 90KB - Virtual size: 92KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 17KB - Virtual size: 20KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 107KB - Virtual size: 108KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 25KB - Virtual size: 28KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 1024B - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 2KB - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 4KB - Virtual size: 8KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 1KB - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 41KB - Virtual size: 44KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 1024B - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 115KB - Virtual size: 116KB

pebundle Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 288KB - Virtual size: 292KB

.rsrc
Size: 25KB - Virtual size: 28KB

pebundle
Size: 8KB - Virtual size: 12KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 15KB - Virtual size: 16KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 90KB - Virtual size: 92KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 17KB - Virtual size: 20KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 107KB - Virtual size: 108KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 25KB - Virtual size: 28KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 1024B - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 2KB - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 4KB - Virtual size: 8KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 1KB - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 41KB - Virtual size: 44KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 1024B - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 115KB - Virtual size: 116KB

pebundle
Size: 8KB - Virtual size: 8KB