309d52de62a9d11a0bba7ac9b608ca9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

309d52de62a9d11a0bba7ac9b608ca9e_JaffaCakes118
Size

584KB
MD5

309d52de62a9d11a0bba7ac9b608ca9e
SHA1

e2b406beba1103a6e176b82a6860da0706e1aa8a
SHA256

d9931e4e889863fa4f9479c6627962351b4bda8a1daa86469615f3cbb7597848
SHA512

29a2d84aa6ac8196772f2004c96448d125272485f60f05824aecd7585f9027b0b583f944ed0af7cf24a1188f15fb8406b5607e90ab5f92a5a31f3cb86b396b3a
SSDEEP

12288:8cGnNqx01KRMlOAtLLI6XD5kSa6WGcW3XaFFQ7Ms12/XZ5nyiUUAiwdm+bGW:8cvnKwA1LISD5kUceqFS7F2POPUALbGW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/优化.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Robolet_AIONTool.exe
unpack001/lua.dll
unpack001/lualib.dll
unpack001/优化.exe
unpack002/out.upx

Files

309d52de62a9d11a0bba7ac9b608ca9e_JaffaCakes118
.rar
Robolet_AIONTool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aion/Config.ini
aion/DB/DB_178.ini
aion/DB/DB_DW.ini
aion/DB/DB_SINA.ini
aion/Language/Chinese(Simplified).ini
aion/Language/Setup.ini
aion/Setup.ini
lua.dll
.dll windows:4 windows x86 arch:x86

9074b30ff0268a3f3f7574d66eabd392

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

isspace
realloc
free
strtod
strncat
strcspn
strncpy
sprintf
isalpha
__security_error_handler
_except_handler3
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit
iscntrl
isdigit
isalnum
_setjmp3
longjmp
exit
strcoll
strchr

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DisableThreadLibraryCalls

Exports

Exports

luaF_close
luaF_findupval
luaF_freeclosure
luaF_freeproto
luaF_getlocalname
luaF_newCclosure
luaF_newLclosure
luaF_newproto
luaM_growaux
luaM_realloc
luaS_freeall
luaS_newlstr
luaS_newudata
luaS_resize
luaU_dump
luaU_endianness
luaU_undump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_dump
lua_equal
lua_error
lua_getfenv
lua_getgccount
lua_getgcthreshold
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newtable
lua_newthread
lua_newuserdata
lua_next
lua_open
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushupvalues
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setfenv
lua_setgcthreshold
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_strlen
lua_toboolean
lua_tocfunction
lua_tonumber
lua_topointer
lua_tostring
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_version
lua_xmove
lua_yield

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lualib.dll
.dll windows:4 windows x86 arch:x86

4d26fb599d6bb8b8778486eca6e7755a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua

lua_lessthan
lua_dump
lua_gethookmask
lua_gethook
lua_gethookcount
lua_sethook
lua_pushlightuserdata
lua_getupvalue
lua_setupvalue
lua_setlocal
lua_getlocal
lua_yield
lua_newthread
lua_iscfunction
lua_xmove
lua_resume
lua_newuserdata
lua_topointer
lua_tothread
lua_toboolean
lua_next
lua_setgcthreshold
lua_getgccount
lua_getgcthreshold
lua_rawequal
lua_pushboolean
lua_replace
lua_setfenv
lua_getfenv
lua_isstring
lua_pushnil
lua_typename
lua_pcall
lua_load
lua_strlen
lua_pushnumber
lua_rawgeti
lua_setmetatable
lua_rawseti
lua_tonumber
lua_isnumber
lua_gettable
lua_settable
lua_insert
lua_pushcclosure
lua_gettop
lua_call
lua_remove
lua_checkstack
lua_getmetatable
lua_tostring
lua_touserdata
lua_pushstring
lua_rawget
lua_type
lua_settop
lua_newtable
lua_pushvalue
lua_rawset
lua_pushvfstring
lua_concat
lua_error
lua_getstack
lua_getinfo
lua_pushfstring
lua_pushlstring

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
FormatMessageA

msvcr71

_initterm
free
_except_handler3
__security_error_handler
strncpy
strpbrk
memchr
islower
isalpha
iscntrl
isdigit
ispunct
isupper
isalnum
isxdigit
toupper
tolower
srand
rand
ldexp
frexp
_CIpow
_CIfmod
malloc
ceil
_CIacos
_CIasin
exit
setlocale
difftime
mktime
time
gmtime
localtime
strftime
clock
tmpnam
rename
remove
system
fflush
fseek
ftell
fwrite
fscanf
tmpfile
fgets
strchr
getenv
sprintf
strtoul
fputs
fprintf
_iob
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit
floor
fread
strerror
_errno
fclose
isprint
isspace
ungetc
getc
fopen

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checklstring
luaL_checknumber
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findstring
luaL_getmetafield
luaL_getmetatable
luaL_getn
luaL_loadbuffer
luaL_loadfile
luaL_newmetatable
luaL_openlib
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_setn
luaL_typerror
luaL_unref
luaL_where
lua_dobuffer
lua_dofile
lua_dostring
luaopen_base
luaopen_debug
luaopen_io
luaopen_loadlib
luaopen_math
luaopen_string
luaopen_table

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
优化.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
工作室交流群.txt
软件使用条款.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 1.0MB - Virtual size: 1.0MB

DATA Size: 14KB - Virtual size: 13KB

BSS Size: - Virtual size: 5KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 71KB - Virtual size: 71KB

.rsrc Size: 374KB - Virtual size: 374KB

9074b30ff0268a3f3f7574d66eabd392

Headers

File Characteristics

Imports

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 56B

.reloc Size: 4KB - Virtual size: 1KB

4d26fb599d6bb8b8778486eca6e7755a

Headers

File Characteristics

Imports

lua

kernel32

msvcr71

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 68B

.reloc Size: 2KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 35KB

CODE
Size: 1.0MB - Virtual size: 1.0MB

DATA
Size: 14KB - Virtual size: 13KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 374KB - Virtual size: 374KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 56B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 35KB