3c92cbbf8acde170175eab5b8746faba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c92cbbf8acde170175eab5b8746faba_JaffaCakes118
Size

3.1MB
MD5

3c92cbbf8acde170175eab5b8746faba
SHA1

fc1f79681c50a8348b3b4cc32839fe48e384f808
SHA256

ea2cb6c34bf95b45819bd7d3e73e04acf386c0e18a149108ccfc6fc2d0bbcd67
SHA512

bffd265c586d770097eb99b6a204b809ae8f4c6d3491e4b470bb062245ed61d99fa5333f5b935297bbce35e327e278fc9226e495beff147a985eb03ba8204f03
SSDEEP

98304:Wu/H6Kpn/Xz6kPFpCDUb6HivOh7y0RrCiU46PQg:WoH6G/+SpCAeivUfRLg

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/WIFI+Radar（无敌蹭网小软件）/Easy WIFI Radar 1.0.5v Installer.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TpLink密码破解工具/TpLinkPass.exe
unpack001/WIFI+Radar（无敌蹭网小软件）/Easy WIFI Radar 1.0.5v Installer.exe
unpack002/out.upx

Files

3c92cbbf8acde170175eab5b8746faba_JaffaCakes118
.rar
TpLink密码破解工具/AboutDlg.h
TpLink密码破解工具/MainDlg.h
.vbs
TpLink密码破解工具/TpLinkPass.aps
TpLink密码破解工具/TpLinkPass.cpp
TpLink密码破解工具/TpLinkPass.exe
.exe windows:4 windows x86 arch:x86

1dfb6da0c31d04a734da63f1e92680aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateThread
CreateFileA
CloseHandle
SetStdHandle
SetFilePointer
InterlockedDecrement
IsValidCodePage
GetOEMCP
GetCPInfo
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
ReadFile
WideCharToMultiByte
InterlockedIncrement
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ExitProcess
HeapSize
RaiseException
SetEndOfFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
GetStringTypeA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapReAlloc
RtlUnwind
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy

user32

GetDlgItemTextA
MessageBoxW
DefWindowProcW
GetSystemMetrics
LoadImageW
CreateDialogParamW
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
GetDlgItem
SetDlgItemTextW
GetWindowLongW
SendMessageW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SetWindowLongW
UnregisterClassA

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

WSAStartup
htons
socket
WSACleanup
connect
closesocket
send
recv
inet_addr

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TpLink密码破解工具/TpLinkPass.h
TpLink密码破解工具/TpLinkPass.rc
TpLink密码破解工具/TpLinkPass.vcproj
.xml
TpLink密码破解工具/res/TpLinkPass.ico
TpLink密码破解工具/res/飘荡软件.url
.url
TpLink密码破解工具/resource.h
TpLink密码破解工具/stdafx.cpp
TpLink密码破解工具/stdafx.h
TpLink密码破解工具/最牛的单机游戏下载网站.url
TpLink密码破解工具/注册软件.reg
WIFI+Radar（无敌蹭网小软件）/Easy WIFI Radar 1.0.5v Installer.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WIFI+Radar（无敌蹭网小软件）/最牛的单机游戏下载网站.url
WIFI+Radar（无敌蹭网小软件）/注册软件.reg
路由器密码破解器_（5秒极速破解）简单版1.0/EWSA.chm
.chm
路由器密码破解器_（5秒极速破解）简单版1.0/english.dic
路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv.dll
.dll windows:5 windows x86 arch:x86

ff90b0dc7a1fb3ab0681c9ccb2d93feb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c
Signer

Actual PE Digest

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
WaitNamedPipeA
CreateFileA
FlushFileBuffers
WriteFile
HeapAlloc
HeapFree
LocalFree
OpenProcess
GetModuleHandleA
GetProcAddress
SetLastError
OpenEventA
ResetEvent
SetEvent
lstrlenA
lstrcatA
ReleaseMutex
CreateMutexA
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
lstrcpyA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
GetSecurityDescriptorDacl
DeleteAce
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
LookupAccountSidA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

EnterMessageLoop
LsaDecryptData
LsaUnprotectData

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv.exe
.exe windows:4 windows x86 arch:x86

915507198ccc5d6dae19d8305670a14b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7
Signer

Actual PE Digest

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
lstrlenA
OpenProcess
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcpynA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
LoadLibraryA
FreeLibrary
GetCurrentThread
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dfb6da0c31d04a734da63f1e92680aa

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

comctl32

ws2_32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 100KB

UPX1 Size: 62KB - Virtual size: 64KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 30KB - Virtual size: 30KB

ff90b0dc7a1fb3ab0681c9ccb2d93feb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:caCertificate

Extended Key Usages

Key Usages

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5cSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

915507198ccc5d6dae19d8305670a14b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:caCertificate

Extended Key Usages

Key Usages

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 62KB - Virtual size: 64KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 30KB - Virtual size: 30KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB