563340c2b9f9a0febc317a0a132f94c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

563340c2b9f9a0febc317a0a132f94c7_JaffaCakes118
Size

396KB
MD5

563340c2b9f9a0febc317a0a132f94c7
SHA1

38a84901610087488097ba7f18f41623d5adb501
SHA256

831c0bab644b763864e3de0a5f53837687ac165db9c290fa49556f4ad437107a
SHA512

7e627062768cc6abe5b86a96979e0dc3219d6fbf586cd925bb8f99dd8beaec91f01dffa213489a5d13e258e317435dcbe9494dabc661c5c4348e3f27a04c8f1a
SSDEEP

12288:BO1Gys57ISq972tIEeWKLM1M7RaoKQfK9IhWh:vyFSK7We6MVaTQfK9zh

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/drm2wmv1241/drm2wmv.exe
unpack002/drm2wmv1241/drm2wmv_e.exe
unpack002/drm2wmv1241/key2find.exe
unpack002/drmdbg527/drmdbg.exe
unpack002/drmv2clt.dll

Files

563340c2b9f9a0febc317a0a132f94c7_JaffaCakes118
.rar
破解wmv许可证文件/drm2wmv527.rar
.rar
drm2wmv1241/drm1/drm1-e.key
drm2wmv1241/drm1/drm1-i.key
drm2wmv1241/drm1/drm1-w.key
drm2wmv1241/drm2/drm2-e.key
drm2wmv1241/drm2/drm2-i.key
drm2wmv1241/drm2/drm2-w.key
drm2wmv1241/drm2wmv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drm2wmv1241/drm2wmv.txt
drm2wmv1241/drm2wmv_e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.newIID
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drm2wmv1241/key2find.exe
.exe windows:4 windows x86 arch:x86

638b307c3665f99f394c14703b22b606

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetModuleFileNameA
FindClose
FindNextFileA
GlobalFree
FindFirstFileA
SetCurrentDirectoryA
GlobalAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetCurrentDirectoryA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drm2wmv1241/key2find.txt
drmdbg527/drmdbg.exe
.exe windows:4 windows x86 arch:x86

3a1d23ce48f1d178773e1929043d62fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\backup\d drive\自作つーる\drmdbgみたいなやつ_ｺﾝｿｰﾙなし\Debug\drmdbgみたいなやつ_ｺﾝｿｰﾙなし.pdb

Imports

kernel32

ContinueDebugEvent
SetFilePointer
ReadFile
CreateFileW
CloseHandle
GetFileSize
CreateFileA
WideCharToMultiByte
FlushInstructionCache
InterlockedDecrement
VirtualFree
VirtualAlloc
VirtualProtectEx
GetSystemInfo
WriteProcessMemory
ReadProcessMemory
GetThreadContext
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
RaiseException
SetThreadContext
GetThreadLocale
GetLocaleInfoA
SetStdHandle
GetOEMCP
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetACP
InterlockedExchange
WaitForDebugEvent
GetVersionExA
WaitForSingleObject
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SetEvent
OpenEventA
lstrlenA
lstrcpyA
lstrcpyW
OutputDebugStringA
OutputDebugStringW
lstrcpynW
MultiByteToWideChar
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentThread
GetVersion
OpenFileMappingA
InterlockedIncrement
GetModuleFileNameW
GetModuleFileNameA
DebugBreak
GetStdHandle
WriteFile
RtlUnwind
IsBadWritePtr
HeapValidate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualQuery
SetUnhandledExceptionFilter
FlushFileBuffers
VirtualProtect
GetCPInfo

user32

UnregisterClassA
OpenClipboard
EmptyClipboard
SetClipboardData
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
CloseClipboard
MessageBoxExA
wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
SetThreadToken
RevertToSelf
OpenThreadToken
RegOpenKeyExA

ole32

CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData

Sections

.textbss
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
drmdbg527/drmdbg.ini
drmdbg527/drmdbg.txt
drmv2clt.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d3cf7bb381cd14ccb93fa051ce8c230f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

drmv2clt.pdb

Imports

msvcrt

_strcmpi
__CxxFrameHandler
_onexit
__dllonexit
_adjust_fdiv
_initterm
_stricmp
swscanf
strncat
realloc
_strnicmp
_beginthread
malloc
_snwprintf
_wcsnicmp
wcscat
tolower
_wfopen
sprintf
fopen
fprintf
fwrite
fclose
wcsstr
free
wcscpy
_purecall
strcmp
_wcsicmp
wcslen
memset
iswspace
_strlwr
fseek
fread
mbstowcs
wcschr
_beginthreadex
_itow
memcmp
wcstok
wcscmp
_wtol
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
strcpy
strlen
isupper
strcat
atoi
_strupr
wcstombs
swprintf
_wcslwr
iswdigit
iswxdigit
towlower
iswalpha
_wtoi
wcspbrk
_wcsset
wcsncmp
_lseek
_write
_read
_close
_open
isspace
sscanf
_snprintf
strrchr
strstr
strchr
memmove
_errno
wcsrchr
wcsncpy
printf
_except_handler3
strncpy

kernel32

lstrlenW
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetLogicalDriveStringsA
SystemTimeToFileTime
ReleaseMutex
CreateMutexA
GetTickCount
LocalAlloc
LocalFree
CreateFileW
CreateFileA
GetFileSize
GetUserDefaultLangID
SetErrorMode
DeleteFileW
DeleteFileA
WriteFile
ReadFile
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
WaitForSingleObject
CreateEventA
SetEvent
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
GetFileAttributesW
GetFileAttributesA
lstrlenA
GetModuleHandleA
GetLastError
GetProcAddress
MultiByteToWideChar
CloseHandle
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FreeEnvironmentStringsA
GlobalMemoryStatus
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
InterlockedExchange
GetSystemInfo
HeapAlloc
VirtualFree
GetSystemTime
GetLocalTime
FreeLibrary
LoadLibraryA
OutputDebugStringA
VirtualAlloc
FlushInstructionCache
VirtualProtect
CreateDirectoryA
GetWindowsDirectoryA
CreateDirectoryW
GetWindowsDirectoryW
SetFileAttributesA
LoadLibraryExA
lstrcatA
Sleep
WaitForMultipleObjects
CompareFileTime
GetFileAttributesExA
GetFileAttributesExW
SetLastError
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
GetShortPathNameA
MoveFileExA
GetVersionExW
MoveFileExW
CreateSemaphoreA
ReleaseSemaphore
GetUserDefaultLCID
IsBadReadPtr
CopyFileW
GetTempFileNameA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToSystemTime
FormatMessageA
GetModuleFileNameW
GetModuleHandleW
GetSystemDirectoryA
LoadLibraryExW
SetFileAttributesW
GetCPInfo
GetVersion
DeviceIoControl
CompareStringA
lstrcpynW
IsBadWritePtr
GetDiskFreeSpaceA
CompareStringW

advapi32

RegQueryValueExA
GetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteValueA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
SetNamedSecurityInfoW
RegCreateKeyExA
RegSetValueExA

ole32

PropVariantClear
StgOpenStorage
StgCreateDocfile
IIDFromString
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

VariantCopy
SafeArrayCopy
SafeArrayDestroy
VariantClear
SafeArrayGetDim
VariantInit
VariantTimeToSystemTime
SysAllocStringByteLen
SafeArrayGetVartype
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SystemTimeToVariantTime

user32

wsprintfA
GetForegroundWindow
IsCharAlphaW
SendMessageA
RegisterWindowMessageA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetGetConnectedState
HttpSendRequestA

drmclien

ord20
ord7
ord9
ord3
??0CDRMLiteCrypto@@QAE@XZ
??1CDRMLiteCrypto@@QAE@XZ
ord19
ord4
ord5
?RestoreLicenses@CDRMLiteCrypto@@QAEJKPAEPAGPAUIUnknown@@PAHPAX@Z
?BackupLicenses@CDRMLiteCrypto@@QAEJKPAGPAUIUnknown@@PAHPAX@Z
?GetLicenses@CDRMLiteCrypto@@QAEJPBDPAUPMLICENSE@@PAKKPAX2PAE@Z
ord14
ord6

mscat32

CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext

Exports

Exports

CreateDRMRightsManager
DllRegisterServer
DllUnregisterServer
LaunchURL
MakeEscapedURL

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
破解wmv许可证文件/下载说明.txt
破解wmv许可证文件/使用必读.url
.url
破解wmv许可证文件/华彩软件站.url
.url
破解wmv许可证文件/破解wmv注册文件方法.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: - Virtual size: 48KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.newIID Size: 1KB - Virtual size: 4KB

638b307c3665f99f394c14703b22b606

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 15KB

3a1d23ce48f1d178773e1929043d62fe

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

Sections

.textbss Size: - Virtual size: 65KB

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 23KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 60KB - Virtual size: 57KB

d3cf7bb381cd14ccb93fa051ce8c230f

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

oleaut32

user32

wininet

drmclien

mscat32

Exports

Exports

Sections

.text Size: 639KB - Virtual size: 639KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: - Virtual size: 48KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.newIID
Size: 1KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.textbss
Size: - Virtual size: 65KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 23KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 60KB - Virtual size: 57KB

.text
Size: 639KB - Virtual size: 639KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB