54b42e9cdd7cd34337e87afbbd15f591_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

54b42e9cdd7cd34337e87afbbd15f591_JaffaCakes118
Size

185KB
MD5

54b42e9cdd7cd34337e87afbbd15f591
SHA1

421fb209daef3a1acd521c7a01daf4f2c452fc85
SHA256

eab4cafe9a157aa8c98145cfc5744f3807ecaf0c74502de3240a518577ecbd58
SHA512

2a52cb5b1cc1afaf80027da4918cf80e747d6fde077adc431786c497482afd28827b55ee01d37f2c352b47cee25e1e0c390c033436fb6d151945f4bb5e2cf51c
SSDEEP

3072:TnJHX5jmMqGZ+ydIx+pmwgPVH/RveLFz0mZD4UBplLJjN0pudm8DKBQ8G9ht7J7J:Tx1mM5Fd3gZkz0uDXldSYt22F06

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Metin2 Levelbot 2011/HackShield Bypass v0.3.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Metin2 Levelbot 2011/ExpIsEasy.v2.dll
unpack001/Metin2 Levelbot 2011/HackShield Bypass v0.3.exe

Files

54b42e9cdd7cd34337e87afbbd15f591_JaffaCakes118
.rar
Metin2 Levelbot 2011/ExpIsEasy.v2.dll
.dll windows:5 windows x86 arch:x86

b53431ae88df56948d14380f7727b60b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\Dragon\Desktop\Mobber\Release\ButtaAll.pdb

Imports

kernel32

GetModuleHandleW
Sleep
VirtualProtect
DisableThreadLibraryCalls
CreateThread
FlushInstructionCache
SetLastError
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
UnhandledExceptionFilter
InterlockedExchange
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount

msvcr90

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
sscanf_s
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxQueryExceptionSize
_cexit
??2@YAPAXI@Z
__FrameUnwindFilter
memcpy
??3@YAXPAX@Z
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Metin2 Levelbot 2011/Faith.ini
Metin2 Levelbot 2011/HackShield Bypass v0.3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b53431ae88df56948d14380f7727b60b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

msvcm90

mscoree

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 3KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 19KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 3KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 12KB