3ac9efb0e21331c4981fa3daabd96ba2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ac9efb0e21331c4981fa3daabd96ba2_JaffaCakes118
Size

1.6MB
MD5

3ac9efb0e21331c4981fa3daabd96ba2
SHA1

14dd20529b6c450ec115c0a5f6c18bbb4ef60aa8
SHA256

efb11a3610434d224daca512614c31ba02ec46b765cb82d3b94b6e362280d908
SHA512

070ae307a33d903094dd37dc7c2f3c7637d88edd580e052766015e11664d1c70d9981d3ffc9bb7512990391bda0f46595f549e47100d4ec5f0663b5f15d71036
SSDEEP

49152:djZkEYDkuOLU/f8tO1WIu7NgnrskwmRIlxA:1ZkEazOLU/EtuWIu6nwkrIlC

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/cartrade/CarTrade.exe	aspack_v212_v242
static1/unpack001/cartrade/PubFunc.dll	aspack_v212_v242
static1/unpack001/cartrade/SoftUpdate.exe	aspack_v212_v242
static1/unpack001/cartrade/borlndmm.dll	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cartrade/CarTrade.exe
unpack001/cartrade/PubFunc.dll
unpack001/cartrade/SoftUpdate.exe
unpack001/cartrade/borlndmm.dll

Files

3ac9efb0e21331c4981fa3daabd96ba2_JaffaCakes118
.rar
cartrade/CHIS.INI
cartrade/CarTrade.chm
.chm
cartrade/CarTrade.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 886KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cartrade/Data/CarTrade.mdb
cartrade/PubFunc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Decrypt
Encrypt

Sections

CODE
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cartrade/SoftUpdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 218KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cartrade/Update.ini
cartrade/borlndmm.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@Borlndmm@HeapAddRef$qqrv
@Borlndmm@HeapRelease$qqrv
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysReallocMem$qqrpvi
DumpBlocks
FreeMemory
GetAllocMemCount
GetAllocMemSize
GetHeapStatus
GetMemory
ReallocMemory

Sections

CODE
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cartrade/rmuser.chm
.chm
cartrade/原始的销售发票打印样式.rmf
cartrade/当前使用的销售发票打印样式.rmf
cartrade/必看说明.htm
cartrade/成交证明单.rmf
cartrade/河源下载站.url
.url
cartrade/网上升级的销售发票打印样式.rmf

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 886KB - Virtual size: 2.5MB

DATA Size: 9KB - Virtual size: 24KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 168KB

.rsrc Size: 185KB - Virtual size: 772KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 16KB - Virtual size: 32KB

DATA Size: 1024B - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.aspack Size: 3KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 218KB - Virtual size: 552KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 44KB

.rsrc Size: 25KB - Virtual size: 128KB

.aspack Size: 8KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 7KB - Virtual size: 16KB

DATA Size: 512B - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

CODE
Size: 886KB - Virtual size: 2.5MB

DATA
Size: 9KB - Virtual size: 24KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 168KB

.rsrc
Size: 185KB - Virtual size: 772KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 16KB - Virtual size: 32KB

DATA
Size: 1024B - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.aspack
Size: 3KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 218KB - Virtual size: 552KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.rsrc
Size: 25KB - Virtual size: 128KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 7KB - Virtual size: 16KB

DATA
Size: 512B - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB