25e83eed07a3254d12219559a7d71150_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25e83eed07a3254d12219559a7d71150_JaffaCakes118
Size

678KB
MD5

25e83eed07a3254d12219559a7d71150
SHA1

b3b972b642d898e4d89d184814f407fab04b57a8
SHA256

24b12e6c81e17207a376bdf288a81fa30e85647f07f9eb23528a578cf22d1143
SHA512

33311f15fe895342d0c52d783892ac84c351305c10d16d3fd31da4d29f4d117b78a99292009785397a07f3c707db5b6269dcaad33b0d800f6507931821449264
SSDEEP

12288:Tpp9nysxiak5iLTRe35GbVplEcL/epAgiac5L5ThaGQz4CZmUFauz0Qa1nH8:TpnyakY3R85apTDeCHLRCZmUFac0znc

Score

7^/10

vmprotect upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/BBS_Messager/WebBrowser2.fne	acprotect
static1/unpack001/BBS_Messager/krnln.fnr	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/BBS_Messager/WebBrowser2.fne	upx
static1/unpack001/BBS_Messager/krnln.fnr	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/BBS_Messager/BBS_Messager.exe	vmprotect

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BBS_Messager/BBS_Messager.exe
unpack001/BBS_Messager/WebBrowser2.fne
unpack002/out.upx
unpack001/BBS_Messager/krnln.fnr
unpack003/out.upx

Files

25e83eed07a3254d12219559a7d71150_JaffaCakes118
.rar
BBS_Messager/BBS_Messager.exe
.exe windows:4 windows x86 arch:x86

597853cb1d66d511f29ba5cc7cef46ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

kernel32

FreeLibrary
GetModuleHandleA
GetProcAddress
VirtualProtect

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BBS_Messager/BBsmsg.ini
BBS_Messager/WebBrowser2.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BBS_Messager/jiaoben/55bbs.gpd
BBS_Messager/jiaoben/admin5论坛.gpd
BBS_Messager/jiaoben/dedecms.gpd
BBS_Messager/jiaoben/discuz官方.gpd
BBS_Messager/jiaoben/phpchina.gpd
BBS_Messager/jiaoben/pps.gpd
BBS_Messager/jiaoben/pps顶贴.gpd
BBS_Messager/jiaoben/分贝网.gpd
BBS_Messager/jiaoben/天极论坛.gpd
BBS_Messager/jiaoben/开心网.gpd
BBS_Messager/jiaoben/校内网.gpd
BBS_Messager/jiaoben/老钱庄.gpd
BBS_Messager/krnln.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
GetNewSock

Sections

UPX0
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 776KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BBS_Messager/pmdata.mdb
BBS_Messager/功能说明.txt
BBS_Messager/新云软件.url
.url
BBS_Messager/更新到0223版必须看.txt
BBS_Messager/更新说明.txt
BBS_Messager/标签说明.txt
BBS_Messager/第一次使用前必看.txt

Sharing

General

Malware Config

Signatures

Files

597853cb1d66d511f29ba5cc7cef46ac

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: - Virtual size: 556B

.rdata Size: - Virtual size: 404B

.data Size: - Virtual size: 418KB

.rsrc Size: 5KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 10KB

.vmp1 Size: 169KB - Virtual size: 169KB

.reloc Size: 512B - Virtual size: 104B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 184KB

UPX1 Size: 102KB - Virtual size: 104KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 32KB - Virtual size: 44KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 28KB - Virtual size: 25KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 776KB

UPX1 Size: 400KB - Virtual size: 400KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 776KB - Virtual size: 773KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 60KB - Virtual size: 123KB

.rsrc Size: 60KB - Virtual size: 57KB

.reloc Size: 68KB - Virtual size: 66KB

.text
Size: - Virtual size: 556B

.rdata
Size: - Virtual size: 404B

.data
Size: - Virtual size: 418KB

.rsrc
Size: 5KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 10KB

.vmp1
Size: 169KB - Virtual size: 169KB

.reloc
Size: 512B - Virtual size: 104B

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 102KB - Virtual size: 104KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 32KB - Virtual size: 44KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 776KB

UPX1
Size: 400KB - Virtual size: 400KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 776KB - Virtual size: 773KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 60KB - Virtual size: 123KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 68KB - Virtual size: 66KB