714875c503d65e5fd8ee1ca218561bc0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

714875c503d65e5fd8ee1ca218561bc0_JaffaCakes118
Size

3.5MB
MD5

714875c503d65e5fd8ee1ca218561bc0
SHA1

62c1a5329261c5193ae7806b953e1ab90278ba96
SHA256

0ea243039ff76f2c6bca39bbe400f51126683043fb3b33e8410cc0880b936539
SHA512

7655ed498237044524090d29f74d354106d1a4cba6a6e2fc050665810fa115f622b299c3478a040cb26b8239c127679023341da48c8d47d5550f8ebf03040448
SSDEEP

98304:xGEDRhdYWApXVKp4MWUDcTr0q8Z5sRJy+T2LbDt1WNM:xGE+rlKpokccq8sRt2LbDt1yM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/2016ddos/SkinH.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/2016ddos/SkinH.dll	upx
static1/unpack002/out.upx	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2016ddos/Cache/im.dat
unpack001/2016ddos/Ddos.exe
unpack001/2016ddos/SkinH.dll
unpack002/out.upx

Files

714875c503d65e5fd8ee1ca218561bc0_JaffaCakes118
.rar
2016ddos/Cache/im.dat
.exe windows:4 windows x86 arch:x86

f8d38b4bfd35b823273dad309ceeee2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
ExitProcess
GetTickCount
CloseHandle
ReleaseMutex
OpenMutexA
lstrlenA
lstrcpynA
WaitForSingleObject
SetFilePointer
WriteFile
CreateFileA
LockResource
LoadResource
CreateThread
EnumResourceNamesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
GetFileAttributesA
GetLastError
GetWindowsDirectoryA
GlobalMemoryStatusEx
GetSystemInfo
lstrcpyA
GetSystemDefaultUILanguage
TerminateProcess
ExitThread
GetStartupInfoA
lstrcmpA
Sleep
GetLocalTime
WinExec
GetModuleFileNameA
LoadLibraryA
FindResourceA
GetProcAddress
GetModuleHandleA
CreateProcessA

user32

GetDesktopWindow
wsprintfA

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegQueryValueExA

shell32

ShellExecuteExA
SHChangeNotify
ShellExecuteA

ws2_32

htons
closesocket
send
select
htonl
recv
setsockopt
WSAIoctl
socket
connect
gethostname
gethostbyname
WSACleanup
sendto
__WSAFDIsSet
inet_addr
WSAStartup
inet_ntoa

shlwapi

SHDeleteKeyA

iphlpapi

GetIfTable
GetAdaptersInfo

msvcrt

strstr
strncmp
strcat
exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
free
strcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
realloc
malloc
strlen
sprintf
memset
memcpy
atoi
strncpy
strcspn
time
strcpy
localtime
_except_handler3

Sections

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2016ddos/Ddos.exe
.exe windows:4 windows x86 arch:x86

eaeca045491f7cb9376ac9818e4b5dcb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntExA

kernel32

HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapSize
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
FileTimeToLocalFileTime
SetErrorMode
GetFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
GetCurrentThread
lstrcmpA
MulDiv
SetLastError
LocalFree
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
FreeResource
FileTimeToSystemTime
lstrcpynA
CompareFileTime
lstrcpyA
lstrlenA
GetLocalTime
GetSystemInfo
PostQueuedCompletionStatus
TerminateThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
GetModuleHandleA
OpenFile
GetFileSize
ReadFile
VirtualProtect
SystemTimeToFileTime
CreateThread
GetTickCount
GetProcAddress
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GetCurrentDirectoryA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
GetModuleFileNameA
lstrcatA
GetFileAttributesA
FreeEnvironmentStringsA

user32

SetRect
GetDCEx
LockWindowUpdate
SetParent
DestroyMenu
GetSysColorBrush
GetDesktopWindow
GetClassNameA
SetRectEmpty
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
CharUpperA
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetDlgItemTextA
GetWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
IsIconic
PostMessageA
DrawIcon
LoadIconA
RedrawWindow
ReleaseDC
GetDC
InflateRect
GetIconInfo
SetWindowRgn
DrawIconEx
wsprintfA
ChildWindowFromPointEx
KillTimer
SetTimer
ScreenToClient
ClientToScreen
FillRect
OffsetRect
CopyRect
WindowFromPoint
GetSystemMetrics
GetWindowRect
SystemParametersInfoA
GetDlgCtrlID
LoadStringA
IsChild
SetFocus
GetCursorPos
GetSysColor
IsWindow
LoadCursorA
GetParent
SetCapture
InvalidateRect
GetClientRect
PtInRect
SetCursor
SetWindowLongA
ReleaseCapture
SendMessageA
EnableWindow
MessageBoxA
RegisterClassA
UnregisterClassA

gdi32

GetDeviceCaps
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetRectRgn
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
GetObjectA
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateRectRgnIndirect
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
FrameRgn
FillRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
DeleteObject
GetTextMetricsA
GetTextExtentPoint32A
Rectangle
Polygon
CreateSolidBrush
CreateFontIndirectA
SetWindowExtEx

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Destroy
ImageList_Create

ws2_32

WSASend
WSAAccept
setsockopt
WSAIoctl
getpeername
htonl
shutdown
recv
send
WSAGetLastError
inet_addr
WSASocketA
gethostname
WSARecv
WSACleanup
closesocket
select
connect
htons
gethostbyname
ioctlsocket
socket
WSAStartup
inet_ntoa
accept
listen
bind

skinh

SkinH_AdjustHSV
SkinH_AttachRes
SkinH_SetAero

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2016ddos/SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2016ddos/qqwry.dat
2016ddos/客户端.ini

Sharing

General

Malware Config

Signatures

Files

f8d38b4bfd35b823273dad309ceeee2d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

iphlpapi

msvcrt

Sections

.data Size: 36KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 4KB

eaeca045491f7cb9376ac9818e4b5dcb

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ws2_32

skinh

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 140KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX0 Size: 12KB - Virtual size: 9KB

.UPX1 Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 8KB

.data
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX0
Size: 12KB - Virtual size: 9KB

.UPX1
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 8KB