0d737fc882a5967c62bae3a7fbc4e5c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d737fc882a5967c62bae3a7fbc4e5c5_JaffaCakes118
Size

3.1MB
MD5

0d737fc882a5967c62bae3a7fbc4e5c5
SHA1

65791b968140232803041f48d053b2b157b1faff
SHA256

6195cce2a86adab70a1eb7ed030741f61bb6ada6602ee3c6a7dee2293af584db
SHA512

37241c702770818c71f58687611e51fdf68504279b3f1d8d7786fccc920ccdb0f8ed0c82fbdeaf411e83217d5119860cbfcb82fd006bf632e6737fa1ef07da9e
SSDEEP

98304:Sfl1l0YEVPrwriFyJKjQlepx/niPeoprL:SXl03VPr4ixjQqKPrL

Score

7^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/py_4.6/WGSHELL.DLL	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/py_4.6/pycq.dll	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/py_4.6/WGSHELL.DLL	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/py_4.6/WGSHELL.DLL
unpack001/py_4.6/pycq.bin
unpack001/py_4.6/pycq.dll
unpack001/py_4.6/pycq.exe

Files

0d737fc882a5967c62bae3a7fbc4e5c5_JaffaCakes118
.rar
py_4.6/85游戏网.htm
.html
py_4.6/WGSHELL.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DeRegisterShell
RegisterShell

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
py_4.6/bmpinfo.bin
py_4.6/ipk.cn—海阔天空外挂下载.htm
.html
py_4.6/mapinfo.bin
py_4.6/pycq.bin
.exe windows:4 windows x86 arch:x86

d5c39b3137e593831fea515da1ba2bc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

InitCommonControls
ImageList_Destroy

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
OffsetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
LPtoDP
DPtoLP
GetTextColor
GetBkColor
GetMapMode
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
GetClipBox
GetDeviceCaps
SetTextColor
SetBkColor
CreateFontA
SelectObject
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
DeleteObject

kernel32

WritePrivateProfileStringA
GetFileAttributesA
GetFullPathNameA
GetFileTime
SetErrorMode
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
FindClose
FindFirstFileA
GetVolumeInformationA
RtlUnwind
GetStartupInfoA
GetCommandLineA
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
FileTimeToLocalFileTime
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
GetLastError
CreateMutexA
GetModuleHandleA
GetTickCount
lstrcatA
lstrcpyA
lstrcpynA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GlobalLock
FileTimeToSystemTime
FormatMessageA
GetThreadLocale
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
SizeofResource
GlobalFlags
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReleaseMutex
CloseHandle
lstrcmpA
lstrlenW
WideCharToMultiByte
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
SetFilePointer
SetFileAttributesA
SetEndOfFile
RtlZeroMemory
ReadFile
HeapFree
HeapAlloc
GlobalUnlock
GetWindowsDirectoryA
GetVersion
GetThreadContext
GetSystemTime
GetSystemDirectoryA
GetProcessHeap
GetCurrentThreadId
GetCurrentThread
CreateThread
GetExitCodeProcess
Sleep
lstrcmpiA
GetFileSize
CreateFileA
WriteFile
DeleteFileA
WriteProcessMemory
OpenProcess
GetVersionExA

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
VariantTimeToSystemTime
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantClear

olepro32

OleCreateFontIndirect

user32

PtInRect
GetDesktopWindow
GetSysColorBrush
DestroyMenu
CharNextA
LoadStringA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
CharUpperA
RegisterClipboardFormatA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GrayStringA
TabbedTextOutA
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
UpdateWindow
MapWindowPoints
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
IsWindowEnabled
PostThreadMessageA
GetClassNameA
WaitForInputIdle
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
IsWindow
GetWindowThreadProcessId
SetWindowPos
SetActiveWindow
GetDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
ReleaseDC
PostMessageA
FindWindowExA
InvalidateRect
MapDialogRect
SetWindowContextHelpId
CopyRect
wsprintfA
PeekMessageA
GetWindowRect
IsIconic
GetSystemMetrics
DrawIcon
FindWindowA
SendMessageA
LoadIconA
EnableWindow
GetCursorPos
WindowFromPoint
RedrawWindow
BeginPaint
GetSysColor
GetClientRect
DrawTextA
EndPaint
GetWindowLongA
CallWindowProcA
LoadCursorA
SetCursor
SetWindowTextA
GetDlgItem
SetWindowLongA
SetTimer
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetWindowsHookExA

wgshell

DeRegisterShell
RegisterShell

wininet

InternetOpenA
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

ws2_32

WSASocketA
WSACleanup
send
htonl
sendto
setsockopt
recv
inet_ntoa
closesocket
htons
inet_addr
socket
WSAStartup
connect
WSAAsyncSelect

comdlg32

GetFileTitleA

ole32

OleInitialize
StgOpenStorageOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize

oledlg

OleUIBusyA

Sections

,�+{rn�
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�*dr��
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�*dr��
Size: 50KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�9uan�
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PLL621
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
py_4.6/pycq.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstHookProc
UnInstHookProc

Sections

Size: - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py460
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py460
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py460
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py460
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
py_4.6/pycq.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 130KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6657
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
py_4.6/海阔天空音乐站.htm
.html
py_4.6/购买收费外挂.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 14KB - Virtual size: 16KB

UPX2 Size: 512B - Virtual size: 4KB

d5c39b3137e593831fea515da1ba2bc6

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

oleaut32

olepro32

user32

wgshell

wininet

winspool.drv

ws2_32

comdlg32

ole32

oledlg

Sections

,�+{rn� Size: 168KB - Virtual size: 168KB

,�*dr�� Size: 44KB - Virtual size: 48KB

,�*dr�� Size: 50KB - Virtual size: 68KB

,�9uan� Size: 18KB - Virtual size: 20KB

.PLL621 Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 396KB

Size: 168KB - Virtual size: 168KB

Size: 4KB - Virtual size: 8KB

.py460 Size: 3KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.py460 Size: 3KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.py460 Size: 3KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.py460 Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 13KB - Virtual size: 20KB

Size: 2KB - Virtual size: 4KB

Size: 2KB - Virtual size: 8KB

Size: 130KB - Virtual size: 224KB

.rsrc Size: 512B - Virtual size: 4KB

.6657 Size: 150KB - Virtual size: 152KB

.adata Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 14KB - Virtual size: 16KB

UPX2
Size: 512B - Virtual size: 4KB

,�+{rn�
Size: 168KB - Virtual size: 168KB

,�*dr��
Size: 44KB - Virtual size: 48KB

,�*dr��
Size: 50KB - Virtual size: 68KB

,�9uan�
Size: 18KB - Virtual size: 20KB

.PLL621
Size: 27KB - Virtual size: 28KB

.py460
Size: 3KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.py460
Size: 3KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.py460
Size: 3KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.py460
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.6657
Size: 150KB - Virtual size: 152KB

.adata
Size: - Virtual size: 4KB