f693d2178572585d5da24f59307ace86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f693d2178572585d5da24f59307ace86_JaffaCakes118
Size

186KB
MD5

f693d2178572585d5da24f59307ace86
SHA1

005fc51d061b5228dc1c5d9bae2126df4c0cd8e3
SHA256

11d04c2db191c445e834c172a4a5bf575fd192c9b5bcb4d120c718d17b6e8117
SHA512

241d744330b238c8b3fd7622f947d6ffce7ac3f320e153f45df8b4949c703f2b1335ac5118fa7ef903cc50d894fd46fca847ce5fc1e5d0feb4396f63f055641a
SSDEEP

3072:l9UWp4iIwSe9l/VsfC3M3rD3E7TP2HhYmMM53s3drEa3eh+fb++vY5IIjJd:les4JwSudjkHEPP2HhsC83drioT+4WL

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/ssproemu.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/ssproemu.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/setdll.exe
unpack002/ssproemu.dll

Files

f693d2178572585d5da24f59307ace86_JaffaCakes118
.zip
CURIOUS_WORLD_MAPS_V7.2B_UPDATE-XFORCE/Crack/crack.zip
.zip
curiousmaps.lic
patch.bat
setdll.exe
.exe windows:4 windows x86 arch:x86

c0f49f70ed81b1dbc180a0288082377a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\detours\samples\bin\setdll.pdb

Imports

kernel32

MoveFileA
DeleteFileA
CloseHandle
GetLastError
CreateFileA
SetLastError
UnmapViewOfFile
WriteFile
SetFilePointer
MapViewOfFile
CreateFileMappingA
GetFileSize
WideCharToMultiByte
VirtualProtect
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQuery
GetModuleHandleA

msvcr71

printf
strcat
strcpy
sprintf
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
memset
memcmp
memmove
strcmp
strlen
wcslen
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ssproemu.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

RNBOsproEmpty

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 167KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CURIOUS_WORLD_MAPS_V7.2B_UPDATE-XFORCE/Crack/install.txt
CURIOUS_WORLD_MAPS_V7.2B_UPDATE-XFORCE/file_id.diz
CURIOUS_WORLD_MAPS_V7.2B_UPDATE-XFORCE/x-force.nfo
keygen.nfo

Sharing

General

Malware Config

Signatures

Files

c0f49f70ed81b1dbc180a0288082377a

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcr71

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 364B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 352KB

UPX1 Size: 167KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 364B

UPX0
Size: - Virtual size: 352KB

UPX1
Size: 167KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 4KB