26be5a28dd7860855fa6d4ff40b58382_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26be5a28dd7860855fa6d4ff40b58382_JaffaCakes118
Size

4.6MB
MD5

26be5a28dd7860855fa6d4ff40b58382
SHA1

f88c23756d81fc38b6b14f9c2e8c6b9b3659931a
SHA256

3eb5a6d5e5c93e1e5bd9cc00799dacf281242ad4d67158ead948b14f63adf172
SHA512

961ba1a576a01193a6d3201254d1e847147ca7636edf7a105ed246b8ff69e7d937daf64b7985922e2fcab9cd488a0e809670348bb658a1aa2c5fc163c9e9f634
SSDEEP

98304:VRCIikQmvK9MIbJE3nJmM4rrBmCaUh+HYpOkBFJupv2AMDf0N/PAtOdHZ0J:LJi9nbJEnJRsrBm7YHBZTDse6Zi

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SQLServerBackup.exe
unpack002/ssbk.exe

Files

26be5a28dd7860855fa6d4ff40b58382_JaffaCakes118
.rar
SQLServerBackup-v6.1.2.1418.rar
.zip
SQLServerBackup.exe
.exe windows:4 windows x86 arch:x86

85c3cb0b7c11a2e384c9e22d86e036de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
EnumServicesStatusA
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
StartServiceA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
GetVolumeInformationA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExcludeClipRect
ExtTextOutA
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

ole32

CLSIDFromProgID
CoCreateInstance
CoGetMalloc
CoInitialize
CoTaskMemFree
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VarNeg
VarNot
VarR8FromStr
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@$xp$12TEndTimeEdit
@$xp$12TImageButton
@$xp$13THotlinkLabel
@$xp$13THotlinkLabel
@$xp$9TImgPanel
@$xp$9TTimeEdit
@@About@Finalize
@@About@Initialize
@@Backup@Finalize
@@Backup@Initialize
@@Changedbfiles@Finalize
@@Changedbfiles@Initialize
@@Comscheduler@Finalize
@@Comscheduler@Initialize
@@Datam@Finalize
@@Datam@Initialize
@@Endtimeedit@Finalize
@@Endtimeedit@Initialize
@@Errormsg@Finalize
@@Errormsg@Initialize
@@Evaluate@Finalize
@@Evaluate@Initialize
@@Foptions@Finalize
@@Foptions@Initialize
@@Frontpage@Finalize
@@Frontpage@Initialize
@@Hotlinklabel@Finalize
@@Hotlinklabel@Finalize
@@Hotlinklabel@Initialize
@@Hotlinklabel@Initialize
@@Imagebutton@Finalize
@@Imagebutton@Initialize
@@Imgpanel@Finalize
@@Imgpanel@Initialize
@@Import@Finalize
@@Import@Initialize
@@Instanceman@Finalize
@@Instanceman@Initialize
@@Log@Finalize
@@Log@Initialize
@@Mailtest@Finalize
@@Mailtest@Initialize
@@Main@Finalize
@@Main@Initialize
@@Regform@Finalize
@@Regform@Initialize
@@Restore@Finalize
@@Restore@Initialize
@@Scheduler@Finalize
@@Scheduler@Initialize
@@Serversetting@Finalize
@@Serversetting@Initialize
@@Sqlbackupsetting@Finalize
@@Sqlbackupsetting@Initialize
@@Sqlconn@Finalize
@@Sqlconn@Initialize
@@Sqlrestoresetting@Finalize
@@Sqlrestoresetting@Initialize
@@Timeedit@Finalize
@@Timeedit@Initialize
@Adoxcdb@ADORenameTable$qqr17System@AnsiStringt1t1
@Adoxcdb@CreateAccessFile$qqr17System@AnsiString
@Adoxcdb@Finalization$qqrv
@Adoxcdb@initialization$qqrv
@Endtimeedit@Register$qqrv
@Hotlinklabel@Register$qqrv
@Hotlinklabel@Register$qqrv
@Imagebutton@Register$qqrv
@Imgpanel@Register$qqrv
@TEndTimeEdit@
@TEndTimeEdit@$bctr$qqrp18Classes@TComponent
@TEndTimeEdit@$bdtr$qqrv
@TEndTimeEdit@GetDayString$qqrv
@TEndTimeEdit@OnUpDownChangingEx$qqrp14System@TObjectros25Comctrls@TUpDownDirection
@TEndTimeEdit@getday$qqrv
@TEndTimeEdit@getfocusedit$qqrv
@TEndTimeEdit@gethour$qqrv
@TEndTimeEdit@getminute$qqrv
@TEndTimeEdit@getsecond$qqrv
@TEndTimeEdit@onedtdayexit$qqrp14System@TObject
@TEndTimeEdit@onedthourexit$qqrp14System@TObject
@TEndTimeEdit@onedtminuteexit$qqrp14System@TObject
@TEndTimeEdit@onedtsecondexit$qqrp14System@TObject
@TEndTimeEdit@setday$qqri
@TEndTimeEdit@sethour$qqri
@TEndTimeEdit@setminute$qqri
@TEndTimeEdit@setsecond$qqri
@THotlinkLabel@
@THotlinkLabel@
@THotlinkLabel@$bctr$qqrp18Classes@TComponent
@THotlinkLabel@$bctr$qqrp18Classes@TComponent
@THotlinkLabel@CMMouseEnter$qr17Messages@TMessage
@THotlinkLabel@CMMouseEnter$qr17Messages@TMessage
@THotlinkLabel@CMMouseLeave$qr17Messages@TMessage
@THotlinkLabel@CMMouseLeave$qr17Messages@TMessage
@THotlinkLabel@Dispatch$qqrpv
@THotlinkLabel@Dispatch$qqrpv
@THotlinkLabel@SetNormalColor$qqr15Graphics@TColor
@THotlinkLabel@SetNormalColor$qqr15Graphics@TColor
@TImageButton@
@TImageButton@$bctr$qqrp18Classes@TComponent
@TImageButton@$bdtr$qqrv
@TImageButton@CMMouseEnter$qr17Messages@TMessage
@TImageButton@CMMouseLeave$qr17Messages@TMessage
@TImageButton@Dispatch$qqrpv
@TImageButton@ImageListChange$qqrp14System@TObject
@TImageButton@ImgButtonPaint$qqrr17Messages@TMessage
@TImageButton@ImgButtonSize$qr17Messages@TMessage
@TImageButton@OnLeftButtonDown$qr17Messages@TMessage
@TImageButton@OnLeftButtonUp$qr17Messages@TMessage
@TImageButton@SetBorderColor$qqr15Graphics@TColor
@TImageButton@SetBorderWidth$qqri
@TImageButton@SetDisableColor$qqr15Graphics@TColor
@TImageButton@SetImages$qqrp24Imglist@TCustomImageList
@TImageButton@SetMouseDownBorderColor$qqr15Graphics@TColor
@TImageButton@SetMouseDownBorderWidth$qqri
@TImageButton@SetMouseInColor$qqr15Graphics@TColor
@TImageButton@SetMouseOutColor$qqr15Graphics@TColor
@TImageButton@SetRoundRadius$qqri
@TImageButton@SetUseBorder$qqro
@TImgPanel@
@TImgPanel@$bctr$qqrp18Classes@TComponent
@TImgPanel@$bdtr$qqrv
@TImgPanel@Dispatch$qqrpv
@TImgPanel@ImgPanelPaint$qr17Messages@TMessage
@TImgPanel@ImgPanelSize$qr17Messages@TMessage
@TImgPanel@SetBorderColor$qqr15Graphics@TColor
@TImgPanel@SetBorderWidth$qqri
@TImgPanel@SetRoundRadius$qqri
@TImgPanel@SetUseBorder$qqro
@TTimeEdit@
@TTimeEdit@$bctr$qqrp18Classes@TComponent
@TTimeEdit@$bdtr$qqrv
@TTimeEdit@GetEnabledColor$qqrv
@TTimeEdit@OnUpDownChangingEx$qqrp14System@TObjectros25Comctrls@TUpDownDirection
@TTimeEdit@SetEnabledColor$qqr15Graphics@TColor
@TTimeEdit@SetShowSecond$qqro
@TTimeEdit@getfocusedit$qqrv
@TTimeEdit@gethour$qqrv
@TTimeEdit@getminute$qqrv
@TTimeEdit@getsecond$qqrv
@TTimeEdit@onedthourexit$qqrp14System@TObject
@TTimeEdit@onedtminuteexit$qqrp14System@TObject
@TTimeEdit@onedtsecondexit$qqrp14System@TObject
@TTimeEdit@sethour$qqri
@TTimeEdit@setminute$qqri
@TTimeEdit@setsecond$qqri
@Timeedit@Register$qqrv
__GetExceptDLLinfo
___CPPdebugHook
_dm
_fEvaluate
_fabout
_fbackup
_fchangedbfile
_ferrormsg
_ffrontpage
_fimport
_finstanceman
_flog
_fmailtest
_fmain
_foption
_fregform
_frestore
_fschedulerman
_fserversetting
_fsqlbackup
_fsqlconn
_fsqlrestore

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssbk.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.htm
.html .js polyglot
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

85c3cb0b7c11a2e384c9e22d86e036de

Headers

File Characteristics

Imports

advapi32

kernel32

version

comctl32

comdlg32

gdi32

shell32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 146KB - Virtual size: 184KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 12KB

.edata Size: 6KB - Virtual size: 8KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 91KB - Virtual size: 92KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 146KB - Virtual size: 184KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 12KB

.edata
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 91KB - Virtual size: 92KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB