ef38165ffe16952ca8d1226ce890934f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef38165ffe16952ca8d1226ce890934f_JaffaCakes118
Size

3.1MB
MD5

ef38165ffe16952ca8d1226ce890934f
SHA1

80024f99b602bf5c74db8dc94c3c3c43fb0a9ed5
SHA256

3eabc69c185cd59d526f982c64ddea5f36a71a0f9c918c3b455e2b8db737645e
SHA512

d5f7354f12f083aeb15d779b71e052c8860dd2ffa3ccd6e1ee118ee1365ced819939ddb4220a6813ea1962e5087f5f95976936753409484fec77aae9d63eb0a2
SSDEEP

98304:a6tvy2LkCY0GPh+P7bHGVRcvJoEmn5X7Cf1:a8KfeGlVX7g

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/EAC拔苗成长指引 v3.58/其它/MP3 encoder/lame.exe	upx
static1/unpack001/EAC拔苗成长指引 v3.58/其它/MPC encoder/mppenc.exe	upx
static1/unpack001/EAC拔苗成长指引 v3.58/其它/MPC encoder/wapet.exe	upx
static1/unpack001/EAC拔苗成长指引 v3.58/其它/Ogg encoder/P4 CPU/oggenc23P4.exe	upx
static1/unpack001/EAC拔苗成长指引 v3.58/其它/Ogg encoder/oggenc2.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EAC拔苗成长指引 v3.58/其它/FLAC encoder/flac.exe
unpack001/EAC拔苗成长指引 v3.58/其它/MP3 encoder/lame.exe
unpack001/EAC拔苗成长指引 v3.58/其它/MPC encoder/mppenc.exe
unpack001/EAC拔苗成长指引 v3.58/其它/MPC encoder/wapet.exe
unpack005/out.upx
unpack001/EAC拔苗成长指引 v3.58/其它/Ogg encoder/P4 CPU/oggenc23P4.exe
unpack001/EAC拔苗成长指引 v3.58/其它/Ogg encoder/oggenc2.exe
unpack001/EAC拔苗成长指引 v3.58/其它/外部接口aspi驱动/WNASPI32.DLL

Files

ef38165ffe16952ca8d1226ce890934f_JaffaCakes118
.rar
EAC拔苗成长指引 v3.58/EAC拔苗成长指引 3.58.CHM
.chm
EAC拔苗成长指引 v3.58/下载说明.htm
.html .js polyglot
EAC拔苗成长指引 v3.58/其它/EAC无法抓轨的解决办法.mht
.eml
- http://www.x-bbs.net/bbs?id=007000
- http://www.x-sound.com/big5
- http://www.x-sound.com/gb/001/
- http://www.x-sound.com/gb/001/000/
- http://www.x-sound.com/gb/001/001/
- http://www.x-sound.com/gb/001/001/00000036.htm
- http://www.x-sound.com/gb/001/001/00000041.htm
- http://www.x-sound.com/gb/001/001/00000050.htm
- http://www.x-sound.com/gb/001/002/
- http://www.x-sound.com/gb/001/003/
- http://www.x-sound.com/gb/001/004/
- http://www.x-sound.com/gb/001/005/
- http://www.x-sound.com/gb/001/006/
- http://www.x-sound.com/gb/001/007/
- http://www.x-sound.com/gb/005/000/005/00000039.htm
- http://www.x-sound.com/gb/005/000/005/00000049.htm
- http://www.x-sound.com/index
- http://www.x-sound.com/index?id=001001-00000018&viewallmsg
- http://www.x-sound.com/index?id=005001-00000023
- http://www.x-sound.com/index?id=006
- http://www.x-sound.com/search
- http://www.x-sound.com/user
- http://www.x-sound.com/user?babe=YOGURT
- http://www.x-sound.com/user?babe=bestcall
- http://www.x-sound.com/user?babe=modlinden
- http://www.x-sound.com/user?babe=sinai
- http://www.x-sound.com/user?babe=��
- http://www.x-sound.com/user?login
- Show all
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-14
.gif
attachment-15
.gif
attachment-16
.gif
attachment-17
.gif
attachment-18
.gif
attachment-19
.gif
attachment-2
.gif
attachment-20
attachment-21
attachment-22
.js
attachment-23
.html
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.html
EAC拔苗成长指引 v3.58/其它/FLAC encoder/flac.exe
.exe windows:4 windows x86 arch:x86

3dc7d6624618ce5e542f52acc3f1d6b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fseek
fread
ftell
fwrite
fopen
floor
strncmp
free
setlocale
malloc
strchr
_ftol
atoi
printf
vfprintf
strrchr
exit
atof
strspn
qsort
realloc
_setmode
calloc
memmove
memchr
atol
fprintf
fgets
sprintf
fabs
log
ceil
log10
_errno
rename
getenv
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_iob
fclose
_snprintf
frexp
_unlink
_stricmp
_strdup
_utime
_chmod
_stat
_strnicmp

kernel32

GetLastError
MultiByteToWideChar

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/MP3 encoder/lame.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 732KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 183KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/MPC encoder/mppenc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/MPC encoder/wapet.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/Ogg encoder/P4 CPU/oggenc23P4.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 972KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/Ogg encoder/oggenc2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EAC拔苗成长指引 v3.58/其它/外部接口aspi驱动/WNASPI32.DLL
.dll windows:4 windows x86 arch:x86

5e7e827f2e700da5b964d8f462a86001

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
SetThreadPriority
CreateEventA
CreateMutexA
CloseHandle
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleHandleA
GetVersionExA
Sleep
GetLocalTime
GetLastError
GetVersion
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
ResetEvent
VirtualAlloc
GetSystemInfo
AddAtomA
FindAtomA
DeleteAtom
WriteFile
SetFilePointer
ExitProcess
CreateThread
VirtualFree
SetLastError
SetErrorMode
QueryDosDeviceA
GetDriveTypeA
GetTimeZoneInformation
SetConsoleCtrlHandler
GetCurrentProcessId
SetEvent
FreeLibrary
ExitThread
WaitForSingleObject
ReleaseMutex
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualLock
CreateFileA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
RaiseException
GetCommandLineA
HeapFree
FatalAppExitA
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
SetUnhandledExceptionFilter
WideCharToMultiByte
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
FlushFileBuffers
IsBadWritePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetStdHandle
ReadFile
GetLocaleInfoW

user32

MessageBoxA

advapi32

MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
EqualSid
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA

Exports

Exports

?DeviceAdded@@YAKPBD@Z
?DeviceQueryRemove@@YA_NPBD@Z
?DeviceRemoveFailed@@YAXPBD@Z
?DeviceRemoved@@YAKPBD@Z
?NeroCdNTControl@@YGHPAXK0K0KPAKPAU_OVERLAPPED@@@Z
?NeroCdNTGetDriveHandleByDriveLetter@@YAPAXE@Z
?NeroCdNTGetDriveHandleByDriveNo@@YAPAXE@Z
?NeroCdNTGetDriveHandleBySCSIAddr@@YAPAXEEE@Z
?NeroCdNTGetScsiAddressByCdRomID@@YAKH@Z
?NeroCdNTGetScsiAddressByDriveLetter@@YAKE@Z
?NeroCdNTOpenDriver@@YAPAXXZ
?VolumeArrived@@YAXKG@Z
?VolumeRemoved@@YAXKG@Z
GetASPI32DLLVersion
GetASPI32SupportInfo
GetAspiDriveInfo
NeroCdNTHaveAdminPrivilege
NeroCdNTNeedAdminPrivilege
ScsiRescan
SendASPI32Command

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EAC拔苗成长指引 v3.58/如无法浏览安装Outlook express即可.txt

Sharing

General

Malware Config

Signatures

Files

3dc7d6624618ce5e542f52acc3f1d6b5

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 40KB - Virtual size: 2.9MB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 732KB

UPX1 Size: 183KB - Virtual size: 184KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 372KB

UPX1 Size: 76KB - Virtual size: 76KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 16KB

UPX1 Size: 3KB - Virtual size: 4KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 792B

.data Size: 1024B - Virtual size: 668B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 972KB

UPX1 Size: 199KB - Virtual size: 200KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 272KB - Virtual size: 272KB

UPX2 Size: 512B - Virtual size: 4KB

5e7e827f2e700da5b964d8f462a86001

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 24KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 40KB - Virtual size: 2.9MB

UPX0
Size: - Virtual size: 732KB

UPX1
Size: 183KB - Virtual size: 184KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 372KB

UPX1
Size: 76KB - Virtual size: 76KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 16KB

UPX1
Size: 3KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 792B

.data
Size: 1024B - Virtual size: 668B

UPX0
Size: - Virtual size: 972KB

UPX1
Size: 199KB - Virtual size: 200KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 272KB - Virtual size: 272KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 24KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB