0d581fd09a5a756b4d5ca4e6fecb2014_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d581fd09a5a756b4d5ca4e6fecb2014_JaffaCakes118
Size

1.0MB
MD5

0d581fd09a5a756b4d5ca4e6fecb2014
SHA1

67982df08b4824f09b27b8dc0d3e96b4e0f4b008
SHA256

e9cb16c7513e2782d1ea5eeb523ff155d7b62749cadeb6743d23c3f042043fc2
SHA512

99fdd10e5c2fae36d3b70bb190e95dc9f42eb61b3f561b55ed50c313750157d2294e468622a7ff0d6c6547cdfca8e4290056eff1b473db3f3feae72071548fc0
SSDEEP

24576:FKwCJNNf5x15bqVgwP0rire+BRauKkK6n5CQbX6frG7fztNRjo+tf0KDvk+/7Dcn:FKlfXygs0F+BakhrNfztNSeo

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/MirServer/DBServer/DBServer.exe	aspack_v212_v242
static1/unpack001/MirServer/GameCenter.exe	aspack_v212_v242
static1/unpack001/MirServer/LoginGate/LoginGate.exe	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MirServer/DBServer/DBServer.exe
unpack001/MirServer/GameCenter.exe
unpack001/MirServer/LoginGate/LoginGate.exe

Files

0d581fd09a5a756b4d5ca4e6fecb2014_JaffaCakes118
.rar
MirServer/23bb.net下载说明必看.txt
MirServer/23bb.net爱上版本站长站.htm
.html
MirServer/Config.ini
MirServer/DBServer/!addrtable.txt
MirServer/DBServer/!serverinfo.txt
MirServer/DBServer/DBServer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 342KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sky
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MirServer/DBServer/DBSrc.ini
MirServer/DBServer/FDB/Hum.DB
MirServer/DBServer/FDB/Mir.DB
MirServer/DBServer/FDB/Mir.DB.idx
MirServer/GM测试请先看.txt
MirServer/GameCenter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 233KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MirServer/LoginGate/BuckIP.txt
MirServer/LoginGate/Config.ini
MirServer/LoginGate/LoginGate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 183KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MirServer/LoginSrv/!UserLimit.txt
MirServer/LoginSrv/!addrtable.txt
MirServer/LoginSrv/!serveraddr.txt
MirServer/LoginSrv/ChrLog/2012-04/Id_17.log
MirServer/LoginSrv/CountLog/2012-04/2012-04-17.txt
MirServer/LoginSrv/IDDB/Id.DB
MirServer/LoginSrv/IDDB/Id.DB.idx

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 342KB - Virtual size: 900KB

DATA Size: 5KB - Virtual size: 16KB

BSS Size: - Virtual size: 20KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 72KB

.rsrc Size: 20KB - Virtual size: 80KB

.sky Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 233KB - Virtual size: 608KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 64KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 183KB - Virtual size: 464KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 708KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 36KB

.rsrc Size: 13KB - Virtual size: 44KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

CODE
Size: 342KB - Virtual size: 900KB

DATA
Size: 5KB - Virtual size: 16KB

BSS
Size: - Virtual size: 20KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 72KB

.rsrc
Size: 20KB - Virtual size: 80KB

.sky
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 233KB - Virtual size: 608KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 64KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 183KB - Virtual size: 464KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 708KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 36KB

.rsrc
Size: 13KB - Virtual size: 44KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB