521a016bbabdd353ba2f09918f7290ca_JaffaCakes118

General

Target

521a016bbabdd353ba2f09918f7290ca_JaffaCakes118
Size

76KB
MD5

521a016bbabdd353ba2f09918f7290ca
SHA1

19ddaf8c9437d78a2edd9978310341c4f6fb3fc5
SHA256

104368e8c4117fc06be22cb0b4f9812fd61c63eb6baf60ea1eb20009afe215eb
SHA512

7eaf47f89ca8da2794680bbb5af12566a320a61ead3926e4c347e7a0fd62c6f8793d2d5594b58fae226cf6a97492ca525e1a5865d3bf515322a08dcfb7a6d860
SSDEEP

1536:pt0/DkkPPyElDlIqJqRTPTZedkIID6R9zPqpUyHzuzq8R8eg8BS:3GDBCE7IXTPQdk36R9zPqiyTuzR88BS

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/客户端.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/20.exe
unpack001/客户端.exe

Files

521a016bbabdd353ba2f09918f7290ca_JaffaCakes118
.rar
20.exe
.exe windows:4 windows x86 arch:x86

bfc588dda2bcec26d58f8ea68473fc5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrStrA
StrToIntA

user32

PostThreadMessageA
wsprintfA

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoCreateGuid

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
memcpy
time
srand
rand
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__getmainargs

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
ReadFile
CreateMutexA
GetLastError
GetFileAttributesExA
ReleaseMutex
lstrcpyA
lstrlenA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
CloseHandle
GetFileTime
SetFileTime

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
客户端.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bfc588dda2bcec26d58f8ea68473fc5a

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

ole32

msvcrt

kernel32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 5KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 160KB

.rsrc Size: 3KB - Virtual size: 32KB

.aspack Size: 30KB - Virtual size: 32KB

.adata Size: - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 160KB

.rsrc
Size: 3KB - Virtual size: 32KB

.aspack
Size: 30KB - Virtual size: 32KB

.adata
Size: - Virtual size: 4KB