Static task: static1
Behavioral task: behavioral1 - Sample: rainhelp2.01/新云软件.url - Resource: win7-20240903-en
Behavioral task: behavioral2 - Sample: rainhelp2.01/新云软件.url - Resource: win10v2004-20240802-en
Behavioral task: behavioral3 - Sample: rainhelp2.01/禹盾助手.exe - Resource: win7-20240903-en
Behavioral task: behavioral4 - Sample: rainhelp2.01/禹盾助手.exe - Resource: win10v2004-20240802-en
General
Target: fa6c5402110488aa7e6b93843f23dfc8_JaffaCakes118
Size: 1.2MB
MD5: fa6c5402110488aa7e6b93843f23dfc8
SHA1: a573dc987041adbc12465445837e87edeba0b532
SHA256: b58d3435a271b025710f3443800e36b09c06e3dc4f22b0641788fe9bfd980258
SHA512: 3dcc9302dcf1501d1a8ce5822bd0e31eaefa64c2e632d3583a2efb6f82798fd5ab93a3b1b091951014c430804b74bf8df77a048aa0de2decd733307d49317c8c
SSDEEP: 24576:nSpPS/7fUoz8zAjlxgJEfMVQl5LOliB3MttcbUvudlX9Szgb3VCCMs4xIq1sg:nSQLUoz8zADdfiwLWztubh9Scretsg
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/rainhelp2.01/禹盾助手.exe
Files
- fa6c5402110488aa7e6b93843f23dfc8_JaffaCakes118.rar
- rainhelp2.01/skin/BlackBrilliant2/Thumbs.db
- rainhelp2.01/skin/BlackBrilliant2/active.bmp
- rainhelp2.01/skin/BlackBrilliant2/buttonlayer.bmp
- rainhelp2.01/skin/BlackBrilliant2/buttonlayermask.bmp
- rainhelp2.01/skin/BlackBrilliant2/buttonmask.bmp
- rainhelp2.01/skin/BlackBrilliant2/closeactivemask.bmp
- rainhelp2.01/skin/BlackBrilliant2/closelayer.bmp
- rainhelp2.01/skin/BlackBrilliant2/closelayermask.bmp
- rainhelp2.01/skin/BlackBrilliant2/controls.bmp
- rainhelp2.01/skin/BlackBrilliant2/hw.bmp
- rainhelp2.01/skin/BlackBrilliant2/hwmask.bmp
- rainhelp2.01/skin/BlackBrilliant2/main.bmp
- rainhelp2.01/skin/BlackBrilliant2/mask.bmp
- rainhelp2.01/skin/BlackBrilliant2/maxactivemask.bmp
- rainhelp2.01/skin/BlackBrilliant2/maxlayer.bmp
- rainhelp2.01/skin/BlackBrilliant2/maxlayermask.bmp
- rainhelp2.01/skin/BlackBrilliant2/menuitems.bmp
- rainhelp2.01/skin/BlackBrilliant2/minactivemask.bmp
- rainhelp2.01/skin/BlackBrilliant2/minlayer.bmp
- rainhelp2.01/skin/BlackBrilliant2/minlayermask.bmp
- rainhelp2.01/skin/BlackBrilliant2/pw.bmp
- rainhelp2.01/skin/BlackBrilliant2/skin.ini
- rainhelp2.01/skin/BlackBrilliant2/sysactivemask.bmp
- rainhelp2.01/skin/BlackBrilliant2/sysmenulayer.bmp
- rainhelp2.01/skin/BlackBrilliant2/sysmenulayermask.bmp
- rainhelp2.01/skin/BlackBrilliant2/tool.in1
- rainhelp2.01/skin/BlackBrilliant2/toolwindow.bmp
- rainhelp2.01/skin/BlackBrilliant2/toolwindowactive.bmp
- rainhelp2.01/新云软件.url  (.url)
- rainhelp2.01/禹盾助手.exe  (.exe, windows:4, windows, x86, arch:x86)
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI
Sections
.textbss  Size: -      Virtual size: 2.4MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text     Size: 4KB    Virtual size: 8KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data     Size: 1.2MB  Virtual size: 1.2MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata    Size: 1KB    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls      Size: 24B    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     Size: 171KB  Virtual size: 172KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    Size: 24B    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ