011a64eb32bd541bce9ea45ec8c526fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

011a64eb32bd541bce9ea45ec8c526fd_JaffaCakes118
Size

645KB
MD5

011a64eb32bd541bce9ea45ec8c526fd
SHA1

cc2c7776830e33d164b9847a0aada0e699edfbeb
SHA256

7e204e9afaba334fc45cb6618d2049ac813897da2a10d76af2b54ad28d1a4000
SHA512

3d277831257679bee4fa32805d46d238b6ebe787ebefdfb463da2377282b974f832fb0fd401c4528cd2225001dba3d1462695d04507d5e7c83f026c07a2c00d8
SSDEEP

12288:l89M3HTBw/HdB05odVoxqjxhz2qkroj31jry2eC2sZkAVA4nB:l8iHG/dVosjxh0rojFNeC2sLA4nB

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/SkinH_EL.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/QQ农场宝贝V2.3去广告版.exe	upx
static1/unpack001/SkinH_EL.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ农场宝贝V2.3去广告版.exe
unpack001/SkinH_EL.dll

Files

011a64eb32bd541bce9ea45ec8c526fd_JaffaCakes118
.rar
ARP联盟.url
QQ农场宝贝V2.3去广告版.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_AttachType
SkinH_Detach
SkinH_DetachEx
SkinH_DetachExt
SkinH_DetachType
SkinH_GetColor
SkinH_GetType
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetMode
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
system.ini
官方主页..url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: 1.5MB - Virtual size: 1.5MB

UPX1 Size: 528KB - Virtual size: 528KB

.rsrc Size: 88KB - Virtual size: 88KB

.mackt Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 91KB - Virtual size: 92KB

.rsrc Size: 2KB - Virtual size: 4KB

UPX0
Size: 1.5MB - Virtual size: 1.5MB

UPX1
Size: 528KB - Virtual size: 528KB

.rsrc
Size: 88KB - Virtual size: 88KB

.mackt
Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 91KB - Virtual size: 92KB

.rsrc
Size: 2KB - Virtual size: 4KB