d2bcf1a54910b7fb8f44a9880ad0f1ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2bcf1a54910b7fb8f44a9880ad0f1ac_JaffaCakes118
Size

1.1MB
MD5

d2bcf1a54910b7fb8f44a9880ad0f1ac
SHA1

e31f5ecb58f201c0f390388d9b2ec2973f371c41
SHA256

77b612d7d9d307ee54181cb42cf424b62f8553baf06c6ff246cac5389a0c03bc
SHA512

f0f61e43d211640c5d6ff019ce36f2d6c2b7add0dafca34c691baf8fc6a720b3cef0d6e995c1055134ddff8f14613fa748bb34650ceb4332e123f1b255d968b7
SSDEEP

24576:EycGV/aamz5aisUEmATd9B7tXN1V/VyVsxudEondNdI+L:EH/dv4r91xOswESdJ

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/smenu.ExE	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/smenu.ExE
unpack001/smenuinst.exe

Files

d2bcf1a54910b7fb8f44a9880ad0f1ac_JaffaCakes118
.rar
smenu.ExE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 260KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smenuinst.exe
.exe windows:4 windows x86 arch:x86

553f914ee6e1e1fb133827ebb080597c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ImageList_SetBkColor
ord17
ImageList_Add
ImageList_Destroy

kernel32

FindFirstFileA
CloseHandle
SetFileTime
CompareFileTime
GetFileAttributesA
GetTempFileNameA
GetTempPathA
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetFileAttributesA
Sleep
CreateFileA
GetTickCount
CopyFileA
GetFileSize
GetModuleFileNameA
DeleteFileA
lstrcpynA
GetCommandLineA
GetUserDefaultLangID
lstrlenA
GetDiskFreeSpaceA
GetVersion
CreateThread
CreateProcessA
RemoveDirectoryA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
CreateDirectoryA
lstrcpyA
GetSystemDirectoryA
MultiByteToWideChar
GlobalAlloc
GlobalFree
MulDiv
SetFilePointer
ReadFile
FindNextFileA
FindClose
lstrcmpiA
WriteFile
GetEnvironmentVariableA
ExpandEnvironmentStringsA
WaitForSingleObject
GetExitCodeProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA

user32

ShowWindow
PostQuitMessage
DestroyWindow
CreateDialogParamA
SetDlgItemTextA
SetWindowTextA
SetTimer
CharNextA
DialogBoxParamA
IsWindowEnabled
EndDialog
SetFocus
EnableWindow
SetWindowPos
ScreenToClient
SetClassLongA
GetWindowLongA
SetCursor
GetSysColor
CharPrevA
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
GetParent
MessageBoxA
SetForegroundWindow
wsprintfA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
PeekMessageA
DispatchMessageA
ExitWindowsEx
GetWindowRect
LoadImageA
GetDC
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
SetRect
FillRect
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassA
SystemParametersInfoA
GetDesktopWindow
CreateWindowExA
GetWindowTextA

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA

ole32

CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装帮助.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 260KB - Virtual size: 704KB

DATA Size: 16KB - Virtual size: 24KB

BSS Size: 1024B - Virtual size: 148KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 100KB - Virtual size: 432KB

.aspack Size: 3KB - Virtual size: 8KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

553f914ee6e1e1fb133827ebb080597c

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 98KB

.rsrc Size: 18KB - Virtual size: 20KB

CODE
Size: 260KB - Virtual size: 704KB

DATA
Size: 16KB - Virtual size: 24KB

BSS
Size: 1024B - Virtual size: 148KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 100KB - Virtual size: 432KB

.aspack
Size: 3KB - Virtual size: 8KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 98KB

.rsrc
Size: 18KB - Virtual size: 20KB