8273ac6b373595f151e4958b9549dff5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8273ac6b373595f151e4958b9549dff5_JaffaCakes118
Size

1.7MB
MD5

8273ac6b373595f151e4958b9549dff5
SHA1

53443e79a44a50f8e008b56bb2c2d3640d2f7917
SHA256

01660548c489bfe36162a94718e70195ecbed28d2651bb497681c544306cf294
SHA512

1ed7bdfdb6fecc8d7319fdb1833358e077750d7778bfc77b820fcc84f409165082e63283b0ae843974cb18ca718b49bf27b439fcce60c5e84de688755767ecd7
SSDEEP

24576:f0DXukCu+3zck47zEIkgpoX+VQKDd0YtQzCg1GCp/4Dk6ZCcsKWNOR53gdiNU0Zp:suosIlLkgp48QzYtQFSbCchd3wmFXd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/abc/炫舞助手V0710心动版.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/abc/炫舞助手V0710心动版.exe

Files

8273ac6b373595f151e4958b9549dff5_JaffaCakes118
.rar
abc/助手说明.txt
abc/无法运行请暂时退出杀毒软件.txt
abc/炫舞助手V0710心动版.exe
.exe windows:5 windows x86 arch:x86

e6a1ae2ac5c98a81f8aa44f7c708037d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiStreamOpen

ws2_32

WSAStartup

kernel32

Thread32First
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ClientToScreen

gdi32

CreateEllipticRgn

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetCrackUrlA

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
silentoi_29065018_29.exe
.exe windows:4 windows x86 arch:x86

f788a785d539b505612c30a4de25c967

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22-02-2012 09:18

Not After

22-02-2015 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\webinstaller_compile\root\bdwebinstallertrayicon\unicode_release\bdwebinstaller.pdb

Imports

shlwapi

PathIsURLA
PathIsURLW
PathFileExistsW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW

wininet

InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetOpenUrlW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionW
HttpOpenRequestW

kernel32

FileTimeToSystemTime
FindClose
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
SetEndOfFile
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetLastError
GetCurrentProcess
GetLocalTime
WriteFile
GetCommandLineW
SetLastError
CreateMutexW
GetModuleHandleW
GetTickCount
GetTempPathW
CreateFileW
RaiseException
FindResourceW
FlushInstructionCache
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
SetEvent
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
Sleep
lstrlenW
FileTimeToLocalFileTime
MapViewOfFile
UnmapViewOfFile
GetVersionExW
WaitForSingleObject
DeleteFileW
GetFileSize
GetSystemInfo
MoveFileExW
EnumResourceNamesW
GetModuleFileNameW
GlobalAlloc
GlobalFree
GetVolumeInformationA
DeviceIoControl
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetDriveTypeW
FindFirstFileW
GetStartupInfoW
RtlUnwind
HeapCreate
GetModuleHandleA
CreateThread
ExitThread
GetStringTypeW
GetStringTypeA
SetFilePointer
CreateFileMappingW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess

user32

SendMessageW
PostQuitMessage
KillTimer
SetTimer
CallWindowProcW
GetWindowLongW
PostMessageW
SetWindowLongW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
ShowWindow
SetWindowPos
FindWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
IsWindow
CharNextW
LoadCursorW
UnregisterClassA

advapi32

GetTokenInformation
OpenProcessToken
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoInitialize
CoUninitialize
CoCreateGuid

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
运行炫舞助手V0710心动版.bat

Sharing

General

Malware Config

Signatures

Files

e6a1ae2ac5c98a81f8aa44f7c708037d

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 528KB

.rdata Size: - Virtual size: 762KB

.data Size: - Virtual size: 261KB

.vmp0 Size: - Virtual size: 857KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 124KB - Virtual size: 121KB

f788a785d539b505612c30a4de25c967

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

shell32

wininet

kernel32

user32

advapi32

ole32

iphlpapi

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: - Virtual size: 528KB

.rdata
Size: - Virtual size: 762KB

.data
Size: - Virtual size: 261KB

.vmp0
Size: - Virtual size: 857KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 124KB - Virtual size: 121KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 24KB - Virtual size: 20KB