aa5e62e952089fcf28f2b42d2c38c300_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa5e62e952089fcf28f2b42d2c38c300_JaffaCakes118
Size

302KB
MD5

aa5e62e952089fcf28f2b42d2c38c300
SHA1

680aad5f738abad94ac17470264054238a4c28a3
SHA256

933a9654aeaacb1e82358effe10976d829fd66be485a7a6e45a1ac51073ac700
SHA512

fe3dd81027fc3d75f8f53acdee2d7733ef2169655b2c963d41676ee269a507b65803855b7633c2d679a48ef9e3556027cf15e07937c996674e0d4467b99401e3
SSDEEP

6144:lhUEurjUB+4nkhAywcl7uvDM1lDRQ/8kfuub9s+oRrQ4FSHtKNMwGAd54sIXQEPp:zbuPV4nIAwgDM1lDR8pb9HoR8LHtBqCb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SERVIDOR-IRC/BOTS/bserv.exe	upx
static1/unpack001/SERVIDOR-IRC/SERVIDOR/bircd.exe	upx
static1/unpack001/SERVIDOR-IRC/SERVIDOR/mkpasswd.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SERVIDOR-IRC/BOTS/bserv.exe
unpack001/SERVIDOR-IRC/SERVIDOR/bircd.exe
unpack001/SERVIDOR-IRC/SERVIDOR/mkpasswd.exe

Files

aa5e62e952089fcf28f2b42d2c38c300_JaffaCakes118
.rar
SERVIDOR-IRC/BOTS/LEER.txt
SERVIDOR-IRC/BOTS/accounts.ini
SERVIDOR-IRC/BOTS/auth.com.ini
SERVIDOR-IRC/BOTS/auth.emailban.ini
SERVIDOR-IRC/BOTS/auth.ini
SERVIDOR-IRC/BOTS/authmail.txt
SERVIDOR-IRC/BOTS/bewareserv.ini
SERVIDOR-IRC/BOTS/bewareserv.replies.ini
SERVIDOR-IRC/BOTS/bewareserv_rehash.bat
SERVIDOR-IRC/BOTS/bewareserv_stop.bat
SERVIDOR-IRC/BOTS/bserv.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SERVIDOR-IRC/BOTS/bworld.com.ini
SERVIDOR-IRC/BOTS/bworld.ini
SERVIDOR-IRC/BOTS/changelog.txt
SERVIDOR-IRC/BOTS/channel.com.ini
SERVIDOR-IRC/BOTS/channel.ini
SERVIDOR-IRC/BOTS/connect4.ini
SERVIDOR-IRC/BOTS/credits.txt
SERVIDOR-IRC/BOTS/readme.txt
SERVIDOR-IRC/BOTS/requestpassmail.txt
SERVIDOR-IRC/BOTS/startbots.ini
SERVIDOR-IRC/BOTS/upgrade-notes.txt
SERVIDOR-IRC/INSTRUCCIONES.txt
SERVIDOR-IRC/LEER.txt
SERVIDOR-IRC/SERVIDOR/LEER.txt
SERVIDOR-IRC/SERVIDOR/bircd-qnet.ini
SERVIDOR-IRC/SERVIDOR/bircd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 600KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SERVIDOR-IRC/SERVIDOR/bircd.ini
SERVIDOR-IRC/SERVIDOR/bircd.txt
SERVIDOR-IRC/SERVIDOR/example.conf
SERVIDOR-IRC/SERVIDOR/ircd.conf
SERVIDOR-IRC/SERVIDOR/ircd.motd
SERVIDOR-IRC/SERVIDOR/mkpasswd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SERVIDOR-IRC/SERVIDOR/rehash.bat
SERVIDOR-IRC/SERVIDOR/restart.bat
SERVIDOR-IRC/SERVIDOR/stdout.txt
SERVIDOR-IRC/SERVIDOR/stop.bat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 444KB

UPX1 Size: 103KB - Virtual size: 104KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 600KB

UPX1 Size: 143KB - Virtual size: 144KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 22KB - Virtual size: 24KB

.rsrc Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 444KB

UPX1
Size: 103KB - Virtual size: 104KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 600KB

UPX1
Size: 143KB - Virtual size: 144KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 4KB