08ed1410766bb844340cd929facbd052_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08ed1410766bb844340cd929facbd052_JaffaCakes118
Size

967KB
MD5

08ed1410766bb844340cd929facbd052
SHA1

cce753f7d515207a5db80557fa0463b61a155651
SHA256

34cb50b752f2417fc83aea44c3cc618d623232fff4163d3107f3453a5c83086e
SHA512

4e4b482dcce9a6165bcfedb36b99be878013d7740f51034010ff9bcb4a1a195620eabcce8e8735846434b1510bde17f7d118a3d0fd5ac0fc978d739f19a77aeb
SSDEEP

24576:yVd+pfLksePHt5bvR3LaqlvMtW2BLMmhfGr57XieEwi9BHzA:y7+pfoPNV53L/MtzxGr57/CLzA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/webdav-gui.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MehdiIIS.exe
unpack001/WebDAVScan.exe
unpack001/webdav-gui.exe
unpack002/out.upx
unpack001/webdav.exe
unpack001/webdav.xpn
unpack001/xwbf-woodv3.EXE

Files

08ed1410766bb844340cd929facbd052_JaffaCakes118
.zip
MehdiIIS.exe
.exe windows:4 windows x86 arch:x86

7a02a8389b71894bc77aa2ce4863abec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA

msvcrt

strcat
strcmp
strcpy
strlen
strstr
remove
printf
calloc
malloc
sscanf
strncpy
free
getenv
memcmp
atol
_close
_read
_lseek
_open
_write
_stat
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WebDAVScan.exe
.exe windows:4 windows x86 arch:x86

80651c8121af4409eea7cf63f1a390b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4353
ord5290
ord3798
ord4837
ord4441
ord5163
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord567
ord825
ord818
ord4275
ord2152
ord1233
ord1146
ord1168
ord4220
ord2584
ord3654
ord6215
ord6270
ord2863
ord2438
ord1644
ord1175
ord6374
ord3663
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord5241
ord2385
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord693
ord765
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord1949
ord4425
ord3597
ord324
ord4234
ord3402
ord3698
ord2582
ord4402
ord3370
ord3640
ord860
ord540
ord2364
ord2370
ord2302
ord3996
ord4160
ord2379
ord755
ord470
ord2642
ord3092
ord6334
ord941
ord5572
ord858
ord2915
ord537
ord3301
ord4407
ord1776
ord4078
ord6055
ord5199
ord1089
ord5280
ord1576

msvcrt

_exit
_XcptFilter
exit
_onexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
strncpy
strstr
fopen
fprintf
fclose
_setmbcp
__CxxFrameHandler
__dllonexit

kernel32

lstrcpyA
Sleep
CreateThread
CloseHandle
GetModuleHandleA
GetStartupInfoA

user32

SendMessageA
GetCursorPos
GetSystemMenu
EnableWindow
GetSubMenu
LoadMenuA
SetForegroundWindow
IsIconic
MessageBoxA
TrackPopupMenu
SetMenuDefaultItem
DrawIcon
GetClientRect
GetSystemMetrics
LoadIconA
AppendMenuA

shell32

ShellExecuteA
Shell_NotifyIconA

ws2_32

ioctlsocket
WSAStartup
closesocket
recv
send
select
connect
inet_addr
inet_ntoa
htonl
htons
socket
ntohl
WSACleanup

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
monkey.pl
.pl .sh linux
readme.txt
webdav-gui.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
webdav.c
webdav.exe
.exe windows:4 windows x86 arch:x86

47747abd0bd42ea30e77615963b10234

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

wsock32

WSAStartup
closesocket
connect
gethostbyname
htons
ioctlsocket
recv
send
socket

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
webdav.pl
.pl .sh linux
webdav.xpn
.dll windows:4 windows x86 arch:x86

3aa530eb5a909ca71d79d7d3929a8560

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
Sleep
GetVersionExA
GetEnvironmentVariableA
RtlUnwind
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetTickCount
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle

ws2_32

socket
ioctlsocket
htons
inet_addr
connect
closesocket
send
recv
WSAGetLastError

Exports

Exports

GetPluginInfo
PluginFunc

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
webdavIIS50.pl
.pl .sh linux
webdavxx.pl
.pl .sh linux
xwbf-woodv3.EXE
.exe windows:4 windows x86 arch:x86

85ac75bf9ddfb40dd950743fb0021cea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

ws2_32

WSAStartup
WSAGetLastError
ioctlsocket
gethostbyname
shutdown
inet_addr
connect
htons
socket
closesocket
send
recv

kernel32

GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
FlushFileBuffers
LoadLibraryA
GetProcAddress
SetStdHandle
GetACP
GetCPInfo
GetOEMCP
GetLastError
CreateThread
CloseHandle
TerminateThread
ExitProcess
GetTickCount
Sleep
ExitThread
HeapCreate
VirtualFree
MultiByteToWideChar
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetStringTypeA
GetStringTypeW
SetFilePointer
GetVersionExA
HeapDestroy
FreeEnvironmentStringsW
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

GetMenu
CheckMenuItem
SetScrollInfo
CheckDlgButton
SendMessageA
MessageBoxA
GetDlgItem
EnableWindow
DialogBoxParamA
IsDlgButtonChecked

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a02a8389b71894bc77aa2ce4863abec

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 880B

.data Size: 4KB - Virtual size: 836B

.rsrc Size: 4KB - Virtual size: 2KB

80651c8121af4409eea7cf63f1a390b8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

ws2_32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 180KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 158KB

.rsrc Size: 4KB - Virtual size: 1KB

47747abd0bd42ea30e77615963b10234

Headers

File Characteristics

Imports

kernel32

wsock32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 75KB - Virtual size: 80KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

3aa530eb5a909ca71d79d7d3929a8560

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

85ac75bf9ddfb40dd950743fb0021cea

Headers

File Characteristics

Imports

comctl32

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 880B

.data
Size: 4KB - Virtual size: 836B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 180KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 158KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 75KB - Virtual size: 80KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 159KB

.rsrc
Size: 4KB - Virtual size: 1KB