d5838ccc494cc1f65c185e97d963e00d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d5838ccc494cc1f65c185e97d963e00d_JaffaCakes118
Size

3.7MB
MD5

d5838ccc494cc1f65c185e97d963e00d
SHA1

f158b2ca7f16e29421b6bc51aab96a91afe0af42
SHA256

5d9a2939956911726070916ac704888b2bdfdd7c739813d6bd3860e7b2c8c647
SHA512

6fb106fb4ea297cc7548ee984eae9b293c2c6d3c28292ee94d574bb2011269feb710cd15db16965e4b4ee6789a4c1fbb3800b5b87165b07a9c6b9ccaa314f633
SSDEEP

98304:fEruno+BXrEnnbnl1ulSa+S7MAeAw7MVL3r0E0GvB1:f6u7rkbnTnaLevMqna

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Lx_Speed 1.5 Beta1.exe	vmprotect
static1/unpack001/破解补丁.exe	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lx_Speed 1.5 Beta1.exe
unpack001/破解补丁.exe

Files

d5838ccc494cc1f65c185e97d963e00d_JaffaCakes118
.rar
Lx_Speed 1.5 Beta1.exe
.exe windows:5 windows x86 arch:x86

c079e305259ce7a2ae4fa87a1e347e99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetLastActivePopup

gdi32

SetViewportOrgEx

winmm

waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleFlushClipboard

oleaut32

LoadTypeLi

comctl32

ord17

oledlg

ord8

ws2_32

ioctlsocket

wininet

InternetReadFile

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
www.gpxz.com.txt
使用教程【】必看.txt
破解补丁.exe
.exe windows:5 windows x86 arch:x86

1fb1bae1f76a967a8781ae4e29ff5c77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPrepareHeader

ws2_32

recvfrom

kernel32

GetVersionExA
GetVersion
LocalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawEdge

gdi32

PathToRegion

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

DragAcceptFiles

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_GetIcon

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
谷普下载-首页.url
.url

Sharing

General

Malware Config

Signatures

Files

c079e305259ce7a2ae4fa87a1e347e99

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 520KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 219KB

.vmp0 Size: - Virtual size: 901KB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 8KB - Virtual size: 5KB

1fb1bae1f76a967a8781ae4e29ff5c77

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 583KB

.rdata Size: - Virtual size: 248KB

.data Size: - Virtual size: 260KB

.vmp0 Size: - Virtual size: 981KB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: - Virtual size: 520KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 219KB

.vmp0
Size: - Virtual size: 901KB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: - Virtual size: 583KB

.rdata
Size: - Virtual size: 248KB

.data
Size: - Virtual size: 260KB

.vmp0
Size: - Virtual size: 981KB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 20KB - Virtual size: 18KB