dc9c861b65a7eaf8250fbad9fc9d76d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc9c861b65a7eaf8250fbad9fc9d76d1_JaffaCakes118
Size

1.5MB
MD5

dc9c861b65a7eaf8250fbad9fc9d76d1
SHA1

34dbf0f2cfc16531e3b95ab830341938ccf55e6a
SHA256

7a7df6217a8b166a1236dec5c71ab493123fd93fc01c8af3ed8dad046e956d56
SHA512

d5c31b595d3cb0319632c89b0ecab036a84eef276ace97d048bc744f441a38c77e32c42d942fcda46cbbdbaf855e1cea8a604857e804707fcf893968e8d685a7
SSDEEP

24576:AhsYl6up8qfDnUpMsHINE9s/9XqHe+YynBhOz7myWnbEMWao2XeghE:Fcp8qfDU+HEu/9a/YCCWnbVlXfhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoUpdate.exe
unpack001/ExcelPlus.exe
unpack001/FlexCell.dll
unpack001/Ionic.Zip.dll

Files

dc9c861b65a7eaf8250fbad9fc9d76d1_JaffaCakes118
.rar
AutoUpdate.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\软件公司\制造部\中止开发的项目\AutoUpdate\AutoUpdate\obj\x86\Release\AutoUpdate.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExcelPlus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\软件公司\制造部\Chinese\net2.0\ExcelPlus\ExcelPlus\obj\x86\Release\ExcelPlus.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Export.dll
FlexCell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\v1.9.1.5\DotNetZip\Zip Full DLL\obj\Release\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings.ini
Templates/借入账本.tpl
Templates/借出账本.tpl
Templates/家庭账本.tpl
Templates/支出账本.tpl
Templates/收入账本.tpl
Templates/新云软件.url
.url
bird.wav
help.chm
.chm
xss32.ico
升级说明.txt
演示/2011家庭账本.xss
演示/2011年支出.xss
演示/Noname3.xss
演示/凭证.xss
演示/出库明细.xss
演示/单位.xss
演示/员工.xss
演示/学生成绩.xss
演示/摩托车.xss
演示/行政区域.xss
演示/订单.xss
通用商品条形码目录.xls
.xls windows office2003

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 676KB - Virtual size: 675KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 432KB - Virtual size: 432KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 676KB - Virtual size: 675KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 432KB - Virtual size: 432KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B