f05cbf3693789ca838d9cbc6726ceb1e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f05cbf3693789ca838d9cbc6726ceb1e_JaffaCakes118
Size

232KB
MD5

f05cbf3693789ca838d9cbc6726ceb1e
SHA1

f81b13c6308e5c85010fab075e9ac847bde0b227
SHA256

547d0e960ce71177472255ed7b9677e5c1cfc30f34a0e27573535947e9cb3ca7
SHA512

56e3103587952372b2e59d132c1914d5600e85c710d12345a103c55151e74e0b5fef9d6457ce91da609b70e32b738ebaf73e4917d6bb7ba5aef1fb9fe6201785
SSDEEP

6144:tG435revVLe27n8FId5VmZ7kjotCseO8FG0G0FGtlrf:1FALrUkLFJoPrf

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/UnEBook_chn/XREADER.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UnEBook_chn/UnEBook.dll
unpack001/UnEBook_chn/UnEBook.exe
unpack001/UnEBook_chn/UnEBook_winhlp.dll
unpack001/UnEBook_chn/XREADER.exe

Files

f05cbf3693789ca838d9cbc6726ceb1e_JaffaCakes118
.rar
UnEBook_chn/UnEBook.dll
.dll windows:4 windows x86 arch:x86

0f32a344288487dd83fc446d1ec351f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetFocus

shlwapi

StrRChrA

urlmon

URLDownloadToFileA

Exports

Exports

?StartFunc@@YGHPAUHWND__@@@Z
?StopFunc@@YGHXZ

Sections

.text
Size: 18KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/UnEBook.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 83KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/UnEBook.htm
.html
UnEBook_chn/UnEBook_winhlp.dll
.dll windows:4 windows x86 arch:x86

c49cb99c679d168e9fb1e6c64d97776c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SendMessageA

Exports

Exports

UnCompress

Sections

.text
Size: 57KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/XREADER.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XRG
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnEBook_chn/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

0f32a344288487dd83fc446d1ec351f1

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 83KB - Virtual size: 252KB

.rsrc Size: 8KB - Virtual size: 8KB

c49cb99c679d168e9fb1e6c64d97776c

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 84KB

.bss Size: - Virtual size: 38KB

.data Size: 19KB - Virtual size: 28KB

.idata Size: 2KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 16KB

.XRG Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 252KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 57KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 84KB

.bss
Size: - Virtual size: 38KB

.data
Size: 19KB - Virtual size: 28KB

.idata
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 16KB

.XRG
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB