dee28327c389f214cc1f9441397ebf9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dee28327c389f214cc1f9441397ebf9c_JaffaCakes118
Size

872KB
MD5

dee28327c389f214cc1f9441397ebf9c
SHA1

47df7e5b3f70c973908aa3c6f3852d764269f7ff
SHA256

b31433eccf7a6d4a0d4f631b9cfe90cb5cae15cfd91e5822ac7bd2367d68021d
SHA512

4cc33e0a1db08db6c03a76eff9dc94f332a1f65f661b7617f2b536891c09a0c7eeb52d26ddfbddeb6ae2421e8702b7c5290c7c39e4186de8ea6c0f275234afd0
SSDEEP

24576:aAAAyh+Yz8xOwjrtsG3+2v35wEt0T9shD1N56iZE:aNAyhpUJjrtscePT9saiZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/InPageSafe.dll
unpack001/TableHelper.exe

Files

dee28327c389f214cc1f9441397ebf9c_JaffaCakes118
.rar
BackUp/2000XP停止打印.bat
BackUp/ARP本机绑定.bat
BackUp/C盘转换为NTFS格式.cmd
BackUp/WIN2003 IIS最小权限分配.bat
BackUp/XP服务优化批处理.bat
BackUp/dir.bat
BackUp/dos下重启.bat
BackUp/guest.bat
BackUp/win2000关机命令.bat
BackUp/winxp修改计算机名.bat
BackUp/xp下确定最后的盘符.bat
BackUp/不显示扩展名.bat
BackUp/不显示隐藏文件.bat
BackUp/中文显示ping结果.bat
.bat .vbs
BackUp/使用WMI别名获取CPU信息.bat
BackUp/全盘删除所有文件夹下的_desktop.ini.bat
.bat .vbs
BackUp/关闭IDE通道检测.bat
BackUp/列举进程.bat
BackUp/删除大小和类型一样的文件.bat
BackUp/删除所有分区的默认共享.bat
BackUp/判断光驱是否可用.bat
BackUp/判断光驱里有无光盘.bat
BackUp/判断分区格式.bat
.bat .vbs
BackUp/刷新策略.bat
BackUp/取得硬盘数.bat
BackUp/右键添加bat.bat
BackUp/右键添加打开MS-DOS.bat
BackUp/将cwindows.复制到当前目录并显示进度.bat
.bat .vbs
BackUp/弹出光驱.bat
BackUp/打开快捷方式指向的目录.bat
BackUp/批处理读注册表的Run下面的值.bat
BackUp/按扩展名分类.bat
BackUp/改变我的文档路径.bat
BackUp/断开网络联结.bat
BackUp/新云软件.url
.url
BackUp/显示c盘～z盘.bat
BackUp/显示扩展名.bat
BackUp/显示用户名.bat
BackUp/显示网络配置.bat
BackUp/显示自己的IP.bat
BackUp/显示隐藏文件.bat
BackUp/更改电源管理方式.bat
.bat .vbs
BackUp/更改盘符.bat
.bat .vbs
BackUp/更改系统启动菜单的时间.bat
BackUp/枚举当前目录及子目录大小.bat
BackUp/枚举显示.bat
BackUp/查找最新的文件.bat
.bat .vbs
BackUp/查看工作组.bat
BackUp/查看物理内存.bat
BackUp/查看用户是否存在.bat
BackUp/查看电脑硬件信息.bat
BackUp/查看网关的MAC地址.bat
BackUp/查看进程使用的端口.bat
BackUp/查看驱动器.bat
.bat .vbs
BackUp/检查网络信息.bat
BackUp/每个目录占用的空间.bat
BackUp/百度关键字搜索.bat
BackUp/禁止保留文档记录.bat
BackUp/绑定网关的批处理及预留维护提到.bat
BackUp/结束进程.bat
BackUp/给每个盘添加卷标.cmd
BackUp/自动改回主页.bat
BackUp/自定义配置网络ip、网关、dns.bat
BackUp/被锁定帐户.bat
BackUp/解锁注册表.BAT
BackUp/输出倒文.bat
.bat .vbs
BackUp/重命名administrator账号.bat
BackUp/锁注册表.BAT
Bin/InPageSafe.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CloseDLLFrm
LockAnQuanFrm
LockDelFrm
LockFpotrFrm
LockRunStartFrm
LockServerFrm
LockSysStartFrm
LockjinchenFrm
lockJCFilesFrm

Sections

CODE
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TableHelper.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
conf/RunHelp.txt
conf/serverRun.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.7MB - Virtual size: 1.7MB

DATA Size: 14KB - Virtual size: 14KB

BSS Size: - Virtual size: 5KB

.idata Size: 11KB - Virtual size: 11KB

.edata Size: 512B - Virtual size: 271B

.reloc Size: 136KB - Virtual size: 135KB

.rsrc Size: 112KB - Virtual size: 112KB

Headers

File Characteristics

Sections

CODE Size: 514KB - Virtual size: 513KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 33KB - Virtual size: 33KB

.rsrc Size: 159KB - Virtual size: 159KB

CODE
Size: 1.7MB - Virtual size: 1.7MB

DATA
Size: 14KB - Virtual size: 14KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 11KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 271B

.reloc
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 112KB - Virtual size: 112KB

CODE
Size: 514KB - Virtual size: 513KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 159KB - Virtual size: 159KB