3988ff4c2d1430196cdefb9ca1f8261b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3988ff4c2d1430196cdefb9ca1f8261b_JaffaCakes118
Size

5.5MB
MD5

3988ff4c2d1430196cdefb9ca1f8261b
SHA1

24bfd71e9bbad736be0352ee07acb4b7fda48d86
SHA256

f376d07bc62f337d70b76221ae730469c638f12aa9152b37be30fd7a32de69e3
SHA512

a65dcfdc8e556b40e25d4b9d66e45da93c99164a1c491ab323b325f66331b558ccb2642835ae4290737111f19899b4b35896f3327877dacfd9679ba6f560203a
SSDEEP

98304:WLLOb8lkzZk2gj2HufL8pHmAhacsmKAeZhluERv7WjaEFs8w+QnEwpZ5:WLLXlQZk2gjZfLAHmAQcsOeZbZTWy8w9

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/天下江湖专用挂www.345jh.com/Update.exe
unpack001/天下江湖专用挂www.345jh.com/Xwin.dll
unpack001/天下江湖专用挂www.345jh.com/bosskey.dll
unpack001/天下江湖专用挂www.345jh.com/rxxfl.exe
unpack001/天下江湖专用挂www.345jh.com/xfl_tool.exe

Files

3988ff4c2d1430196cdefb9ca1f8261b_JaffaCakes118
.rar
天下江湖专用挂www.345jh.com/AutoLogin/GameConfig/YBopt.cfg
天下江湖专用挂www.345jh.com/AutoLogin/GameConfig/ming.scp
天下江湖专用挂www.345jh.com/AutoLogin/GameConfig/wahahaha.scp
天下江湖专用挂www.345jh.com/AutoLogin/Hosts.txt
天下江湖专用挂www.345jh.com/Config/Default/NPC.txt
天下江湖专用挂www.345jh.com/Config/Default/RxStone.txt
天下江湖专用挂www.345jh.com/Config/Default/TuYao.txt
天下江湖专用挂www.345jh.com/Config/Default/jgs.txt
天下江湖专用挂www.345jh.com/Config/Default/list.txt
天下江湖专用挂www.345jh.com/Config/Jmpmap.txt
天下江湖专用挂www.345jh.com/Config/Map.txt
天下江湖专用挂www.345jh.com/Config/NPCpos.txt
天下江湖专用挂www.345jh.com/Config/Path.txt
天下江湖专用挂www.345jh.com/Config/Speak.txt
天下江湖专用挂www.345jh.com/Config/WG.txt
天下江湖专用挂www.345jh.com/Map/1001.bmp
天下江湖专用挂www.345jh.com/Map/101.bmp
天下江湖专用挂www.345jh.com/Map/1101.bmp
天下江湖专用挂www.345jh.com/Map/1201.bmp
天下江湖专用挂www.345jh.com/Map/1301.bmp
天下江湖专用挂www.345jh.com/Map/1401.bmp
天下江湖专用挂www.345jh.com/Map/1501.bmp
天下江湖专用挂www.345jh.com/Map/1601.bmp
天下江湖专用挂www.345jh.com/Map/1701.bmp
天下江湖专用挂www.345jh.com/Map/1801.bmp
天下江湖专用挂www.345jh.com/Map/1901.bmp
天下江湖专用挂www.345jh.com/Map/2001.bmp
天下江湖专用挂www.345jh.com/Map/201.bmp
天下江湖专用挂www.345jh.com/Map/2101.bmp
天下江湖专用挂www.345jh.com/Map/2201.bmp
天下江湖专用挂www.345jh.com/Map/23001.bmp
天下江湖专用挂www.345jh.com/Map/25100.bmp
天下江湖专用挂www.345jh.com/Map/25202.bmp
天下江湖专用挂www.345jh.com/Map/25203.bmp
天下江湖专用挂www.345jh.com/Map/25204.bmp
天下江湖专用挂www.345jh.com/Map/25205.bmp
天下江湖专用挂www.345jh.com/Map/25206.bmp
天下江湖专用挂www.345jh.com/Map/25207.bmp
天下江湖专用挂www.345jh.com/Map/25208.bmp
天下江湖专用挂www.345jh.com/Map/25209.bmp
天下江湖专用挂www.345jh.com/Map/25210.bmp
天下江湖专用挂www.345jh.com/Map/25301.bmp
天下江湖专用挂www.345jh.com/Map/25501.bmp
天下江湖专用挂www.345jh.com/Map/25701.bmp
天下江湖专用挂www.345jh.com/Map/301.bmp
天下江湖专用挂www.345jh.com/Map/401.bmp
天下江湖专用挂www.345jh.com/Map/402.bmp
天下江湖专用挂www.345jh.com/Map/403.bmp
天下江湖专用挂www.345jh.com/Map/5001.bmp
天下江湖专用挂www.345jh.com/Map/501.bmp
天下江湖专用挂www.345jh.com/Map/502.bmp
天下江湖专用挂www.345jh.com/Map/503.bmp
天下江湖专用挂www.345jh.com/Map/5401.bmp
天下江湖专用挂www.345jh.com/Map/5501.bmp
天下江湖专用挂www.345jh.com/Map/6001.bmp
天下江湖专用挂www.345jh.com/Map/601.bmp
天下江湖专用挂www.345jh.com/Map/701.bmp
天下江湖专用挂www.345jh.com/Map/801.bmp
天下江湖专用挂www.345jh.com/Map/901.bmp
天下江湖专用挂www.345jh.com/Map/Thumbs.db
天下江湖专用挂www.345jh.com/Update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
天下江湖专用挂www.345jh.com/Ver.ini
天下江湖专用挂www.345jh.com/Xwin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetAddress
__Install
__Unstall

Sections

CODE
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
天下江湖专用挂www.345jh.com/bosskey.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

dishk
enhk

Sections

CODE
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 83B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
天下江湖专用挂www.345jh.com/help.chm
.chm
天下江湖专用挂www.345jh.com/rxxfl.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
天下江湖专用挂www.345jh.com/sound/PK死亡提示.wav
天下江湖专用挂www.345jh.com/sound/传音提示.wav
天下江湖专用挂www.345jh.com/sound/停挂提示.wav
天下江湖专用挂www.345jh.com/sound/说明.txt
天下江湖专用挂www.345jh.com/xfl_tool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 671KB - Virtual size: 671KB

DATA Size: 25KB - Virtual size: 24KB

BSS Size: - Virtual size: 12KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 50KB - Virtual size: 50KB

.rsrc Size: 231KB - Virtual size: 231KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.7MB - Virtual size: 1.7MB

DATA Size: 16KB - Virtual size: 16KB

BSS Size: - Virtual size: 37KB

.idata Size: 11KB - Virtual size: 11KB

.edata Size: 512B - Virtual size: 110B

.vmp0 Size: 137KB - Virtual size: 136KB

.rsrc Size: 207KB - Virtual size: 207KB

.reloc Size: 136KB - Virtual size: 135KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 70KB - Virtual size: 69KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 83B

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 1.7MB - Virtual size: 1.7MB

DATA Size: 29KB - Virtual size: 29KB

BSS Size: - Virtual size: 14KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 24B

.vmp0 Size: 126KB - Virtual size: 125KB

.rsrc Size: 338KB - Virtual size: 338KB

.reloc Size: 126KB - Virtual size: 125KB

Headers

File Characteristics

Sections

CODE Size: 329KB - Virtual size: 329KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 11KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 21KB - Virtual size: 21KB

CODE
Size: 671KB - Virtual size: 671KB

DATA
Size: 25KB - Virtual size: 24KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 231KB - Virtual size: 231KB

CODE
Size: 1.7MB - Virtual size: 1.7MB

DATA
Size: 16KB - Virtual size: 16KB

BSS
Size: - Virtual size: 37KB

.idata
Size: 11KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 110B

.vmp0
Size: 137KB - Virtual size: 136KB

.rsrc
Size: 207KB - Virtual size: 207KB

.reloc
Size: 136KB - Virtual size: 135KB

CODE
Size: 70KB - Virtual size: 69KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 83B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 1.7MB - Virtual size: 1.7MB

DATA
Size: 29KB - Virtual size: 29KB

BSS
Size: - Virtual size: 14KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 24B

.vmp0
Size: 126KB - Virtual size: 125KB

.rsrc
Size: 338KB - Virtual size: 338KB

.reloc
Size: 126KB - Virtual size: 125KB

CODE
Size: 329KB - Virtual size: 329KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 11KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 21KB - Virtual size: 21KB