d26931d0450252590a7090c46d70f951_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d26931d0450252590a7090c46d70f951_JaffaCakes118
Size

13.8MB
MD5

d26931d0450252590a7090c46d70f951
SHA1

6f0d8feeb3518c12e2c77bd2fee343f4e355329d
SHA256

1870b01e34e63e03d493053e9dabf6236abbc7db134ceb17dbf70bf014d7d7ea
SHA512

60d7109f4e84a6e13c0e4422d1f81b069b7e1e8b795546ee39ee0519bec4dea4f86ac1e049b3d27e7e9d9f8eab8ad1875cad418a3f7f4d5c1371087c2007a88e
SSDEEP

393216:BYdfTLj6LqLA9IOxY0cMWlrQnram7nTeE1X9tDhrAVvy:aN3jGqLA9IX0clhyTeE1xrZ

Score

7^/10

vmprotect upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/lolxc.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/XC.dll	upx
static1/unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/lolxc.dll	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/LOL星辰辅助超强脚本9.4.exe	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/LOL星辰辅助超强脚本9.4.exe
unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/XC.dll
unpack001/lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/lolxc.dll

Files

d26931d0450252590a7090c46d70f951_JaffaCakes118
.rar
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/LOL星辰辅助超强脚本9.4.exe
.exe windows:5 windows x86 arch:x86

14317015848acd5fcd44881190afe238

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

getpeername

rasapi32

RasHangUpA

kernel32

GetVersionExA
GetVersion
EnumResourceTypesW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnableWindow

gdi32

StartDocA

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize

oleaut32

SysAllocStringLen

comctl32

ord17

oledlg

ord8

wininet

InternetReadFile

comdlg32

GetFileTitleA

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/SkinInfo.cfg
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/XC.dll
.dll regsvr32 windows:5 windows x86 arch:x86

945e2653b0fb69651c6f76f6e3860544

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
SetEndOfFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageW

gdi32

SetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW

advapi32

LookupPrivilegeValueW

shell32

ShellExecuteW

shlwapi

PathIsUNCW

ole32

CoTaskMemAlloc

oleaut32

UnRegisterTypeLi

oledlg

OleUIBusyW

wininet

InternetOpenUrlW

iphlpapi

GetAdaptersInfo

oleacc

LresultFromObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/lolxc.dat
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/lolxc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

�˵�

Sections

UPX0
Size: - Virtual size: 632KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/【必须看的说明】不看别找客服.txt
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/F8 F9中文翻译.txt
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/F8 F9对照翻译.jpg
.jpg
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/使用说明.txt
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/必须安装的组件.url
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/插件注册失败打开.bat
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/游戏卡解决办法.jpg
.jpg
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/秒杀预判使用方法.txt
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/使用说明/连招说明.txt
lolxc/LOL星辰辅助V9.4【超强脚本+超强躲避】/免费天卡赠送.url
.url
lolxc/下载银行-提供免费绿色软件下载.url
.url
lolxc/下载银行.txt

Sharing

General

Malware Config

Signatures

Files

14317015848acd5fcd44881190afe238

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: 872KB - Virtual size: 869KB

.rdata Size: 9.0MB - Virtual size: 9.0MB

.data Size: 80KB - Virtual size: 324KB

.vmp0 Size: 3.7MB - Virtual size: 3.7MB

.vmp1 Size: 168KB - Virtual size: 164KB

.rsrc Size: 36KB - Virtual size: 35KB

945e2653b0fb69651c6f76f6e3860544

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

wininet

iphlpapi

oleacc

Exports

Exports

Sections

.text Size: 463KB - Virtual size: 462KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 16KB - Virtual size: 36KB

.UPX0 Size: 2.2MB - Virtual size: 2.2MB

.tls Size: 512B - Virtual size: 24B

.UPX1 Size: 142KB - Virtual size: 142KB

.reloc Size: 33KB - Virtual size: 32KB

.rsrc Size: 11KB - Virtual size: 11KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 632KB

UPX1 Size: 304KB - Virtual size: 304KB

.rsrc Size: 7KB - Virtual size: 8KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 872KB - Virtual size: 869KB

.rdata
Size: 9.0MB - Virtual size: 9.0MB

.data
Size: 80KB - Virtual size: 324KB

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

.vmp1
Size: 168KB - Virtual size: 164KB

.rsrc
Size: 36KB - Virtual size: 35KB

.text
Size: 463KB - Virtual size: 462KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 16KB - Virtual size: 36KB

.UPX0
Size: 2.2MB - Virtual size: 2.2MB

.tls
Size: 512B - Virtual size: 24B

.UPX1
Size: 142KB - Virtual size: 142KB

.reloc
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 11KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 632KB

UPX1
Size: 304KB - Virtual size: 304KB

.rsrc
Size: 7KB - Virtual size: 8KB

.rmnet
Size: 56KB - Virtual size: 60KB