3a08de0db38eea639902f4f847234e9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a08de0db38eea639902f4f847234e9b_JaffaCakes118
Size

1.1MB
MD5

3a08de0db38eea639902f4f847234e9b
SHA1

38838a090fe753232ed158fdef7da255c89aa06b
SHA256

cade1fab2e5492c08cfab3db74ab579137b93332ac194b3f38db83d78c33da19
SHA512

2ab26326e61380bf18ad7bf265f7926d93de2ddb3060964994f7b046355a1cabde8b809a65591f5d9e8a779c8dd3ed33f37cbc7ea6173380736bd0bc60cdb49c
SSDEEP

24576:/PgxXm4CN2/v1zUHOjcny+aV9JK5j+JyZG9SWyHQ:/PgRRU2/mH2cny+iHK5j+Gxw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/make/7za.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BwLockd.exe
unpack001/make/7zCon.sfx
unpack001/make/7za.exe
unpack001/make/agent01.pak
unpack001/make/agent02.pak

Files

3a08de0db38eea639902f4f847234e9b_JaffaCakes118
.rar
)!双击导入.reg
BwLock.chm
.chm
BwLockd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.nsp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 390KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.dat
make/7zCon.sfx
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
make/7za.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
make/agent01.pak
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
make/agent02.pak
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
make/make_agent.bat
下载使用说明.txt
初始口令为空.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 1.2MB

.nsp1 Size: 390KB - Virtual size: 392KB

.nsp2 Size: - Virtual size: 6KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 312KB

UPX1 Size: 194KB - Virtual size: 196KB

.rsrc Size: 1KB - Virtual size: 4KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

.nsp0
Size: - Virtual size: 1.2MB

.nsp1
Size: 390KB - Virtual size: 392KB

.nsp2
Size: - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 312KB

UPX1
Size: 194KB - Virtual size: 196KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB