2d20871a40963c05baaf6e98d431e5a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d20871a40963c05baaf6e98d431e5a3_JaffaCakes118
Size

1.1MB
MD5

2d20871a40963c05baaf6e98d431e5a3
SHA1

4575169343c9ca8715a299787b0b78f1a0a4eeaf
SHA256

ba96b6ecd0175330c88dd954da77d80fa759adefb6354c53af1ad7e8033ef1f2
SHA512

55db25c11d636338fd99e346775e06db50e1ddf9a806a36d17298dee372b7d3fd7c088c8cf09aaa7fe538148d18f552fee0c5f05565b94e302394dd1b1a94d2d
SSDEEP

24576:J4StL+KAP7OkyBGKxxGsizWK86OQMpgFppuuYS:yStyK32KxxGsnJ1QMWEuYS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Editor/Notepad2.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Editor/Notepad2.exe
unpack002/out.upx
unpack001/SVCT.exe
unpack001/scan.dll

Files

2d20871a40963c05baaf6e98d431e5a3_JaffaCakes118
.rar
Editor/Notepad2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 484KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 228KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Editor/Notepad2.ini
Editor/Notepad2.txt
Editor/新云软件.url
.url
KWBase/KWBaseForAsp.xml
.xml
KWBase/KWBaseForCustom.xml
.xml
Output/NullL.xsl
Output/logo.jpg
.jpg
Preview.html
PreviewData.xml
.xml
SVCT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ScanViciousCode\SVCT\SVCT\obj\Release\SVCT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SVCT.exe.config
.xml
Style/Null.xsl
Style/logo.jpg
.jpg
scan.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ScanViciousCode\SVCT\scan\obj\Debug\scan.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
test/EDIT.JS
.js
test/FIELDSET.HTM
.html
test/FLASH.ASP
.html
test/HR.HTM
.html
test/IFRAME.asp
.html
test/Image/D_Tu_DL.gif
.gif
test/Image/D_Tu_YD1.gif
.gif
test/Image/D_Tu_YD2.gif
.gif
test/Image/D_Tu_YD3.gif
.gif
test/Image/D_Tu_YD4.gif
.gif
test/Image/T_Menu_Bg.gif
.gif
test/Image/Thumbs.db
test/MEDIA.ASP
test/MIDI/BGZC.MID
test/MIDI/HHYY.MID
test/MIDI/HML.MID
test/MIDI/JSKW.MID
test/MIDI/LMOZLY.MID
test/MIDI/LSBZYT.MID
.js
test/MIDI/ON.MID
test/MIDI/QHYY.MID
test/MIDI/QQKG.MID
test/MIDI/RGQWL.MID
test/MIDI/SZH.MID
test/MIDI/TTNI.MID
test/MIDI/XSXL.MID
test/MIDI/ZDJT.MID
test/MIDI/ZZLY.MID
test/MUnionAD.asp
.vbs
test/PIC.ASP
.html
test/RM.ASP
test/TABLE.HTM
test/addjiangpin.asp
.js
test/addnews.asp
.js
test/addsn.asp
.js
test/addsn1.asp
.vbs
test/admin.asp
.vbs
test/anclass.asp
.vbs
test/anclass1.asp
.vbs
test/aspcheck.asp
.asp .vbs polyglot
test/bak20070913/addsn.asp
.js
test/bak20070913/conn.asp
.vbs
test/bak20070913/editdingdan.asp
.vbs
test/bak20070913/editsn.asp
.vbs
test/bak20070913/menu.asp
.html .js polyglot
test/bak20070913/viewdingdan.asp
.vbs
test/chkadmin.asp
.vbs
test/conn.asp
.vbs
test/conn1.asp
.vbs
test/copyright.asp
test/createhtml.asp
.vbs
test/danweiKill.asp
.vbs
test/danweiSet.asp
.vbs
test/danweimanage.asp
.vbs
test/default.asp
.vbs
test/del.asp
.vbs
test/delfk.asp
.vbs
test/editcolor.htm
.html
test/editdingdan.asp
.vbs
test/editdingdan_new.asp
.vbs
test/editjiangpin.asp
.js
test/editnews.asp
.vbs
test/editorder.asp
.vbs
test/editsn.asp
.vbs
test/editsn2.asp
.vbs
test/editwapdingdan.asp
.vbs
test/editxx.asp
.js
test/fangshi.asp
.vbs
test/fkdel.asp
.vbs
test/fudongKill.asp
.vbs
test/fudongSet.asp
.vbs
test/function.asp
.vbs
test/gonggao.asp
.vbs
test/gonghuoshangSet.asp
.vbs
test/gonghuoshangiKill.asp
.vbs
test/gonghuoshangmanage.asp
.vbs
test/gouwuliucheng.asp
.vbs
test/guanggao.asp
.vbs
test/help.asp
test/help1.asp
test/images1/ABOUT.GIF
.gif
test/images1/ALEFT.GIF
.gif
test/images1/ARIGHT.GIF
.gif
test/images1/BOLD.GIF
.gif
test/images1/CENTER.GIF
.gif
test/images1/CLEAR.GIF
.gif
test/images1/COPY.GIF
.gif
test/images1/CUT.GIF
.gif
test/images1/DELETE.GIF
.gif
test/images1/FIELDSET.GIF
.gif
test/images1/HELP.GIF
.gif
test/images1/IFRAME.GIF
.gif
test/images1/IMAGE.GIF
.gif
test/images1/INDENT.GIF
.gif
test/images1/ITALIC.GIF
.gif
test/images1/LINE.GIF
.gif
test/images1/LINK.GIF
.gif
test/images1/LIST.GIF
.gif
test/images1/MP.GIF
.gif
test/images1/NUMBER.GIF
.gif
test/images1/OUTDENT.GIF
.gif
test/images1/PASTE.GIF
.gif
test/images1/REAL.GIF
.gif
test/images1/REDO.GIF
.gif
test/images1/SUB.GIF
.gif
test/images1/SUP.GIF
.gif
test/images1/SWF.GIF
.gif
test/images1/TABLE.GIF
.gif
test/images1/Thumbs.db
test/images1/UNDO.GIF
.gif
test/images1/UNLINK.GIF
.gif
test/images1/menu1.gif
.gif
test/images1/selectall.gif
.gif
test/images1/underline.gif
.gif
test/include.asp
.vbs
test/index.asp
.vbs
test/jfhjxx.asp
.js
test/links.asp
.vbs
test/listunionuser.asp
.vbs
test/listuser.asp
.vbs
test/listwapdingdan.asp
.vbs
test/loadgoodsinfo.asp
.vbs
test/loadinfo.asp
.vbs
test/login.asp
.js
test/logout.asp
test/managead.asp
.vbs
test/manageadmin.asp
.vbs
test/managejiangpin.asp
.vbs
test/managepinglun.asp
.vbs
test/managesn.asp
.vbs
test/manageunionuser.asp
.vbs
test/manageuser.asp
.vbs
test/managezhuanti.asp
.vbs
test/menu.asp
.html .js polyglot
test/mjiesuan.asp
.vbs
test/moveclass.asp
.vbs
test/mpay.asp
.vbs
test/mzhifu.asp
.vbs
test/nclass.asp
.vbs
test/nclass1.asp
.vbs
test/newsedit.asp
.js
test/pay.asp
.vbs
test/pinglun.asp
.vbs
test/pingpaiKill.asp
.vbs
test/pingpaiSet.asp
.vbs
test/pingpaimanage.asp
.vbs
test/pinpai.asp
.vbs
test/pp.asp
test/pp1.asp
test/renpassword.asp
.vbs
test/reply.asp
.vbs
test/save.asp
.vbs
test/saveaddsn.asp
.vbs
test/saveaddsn1.asp
.vbs
test/saveadmin.asp
.vbs
test/saveanclass.asp
.vbs
test/saveanclass2.asp
.vbs
test/savedingdan.asp
.vbs
test/savegouwuliucheng.asp
.vbs
test/saveimagelinks.asp
.vbs
test/savejfhjxx.asp
.asp .vbs polyglot
test/savejiangpin.asp
.vbs
test/savelinks.asp
.vbs
test/savemoveclass.asp
.vbs
test/savenclass.asp
.vbs
test/savenclass1.asp
.vbs
test/saveorder.asp
.vbs
test/savepinglun.asp
.vbs
test/savepinpai.asp
.vbs
test/savetext.asp
.vbs
test/saveuser.asp
.vbs
test/savevipdyj.asp
.asp .vbs polyglot
test/saveviphd.asp
.asp .vbs polyglot
test/savevipsq.asp
.asp .vbs polyglot
test/savewapdingdan.asp
.vbs
test/savexx.asp
.asp .vbs polyglot
test/savezengpin.asp
.vbs
test/shengKill.asp
.vbs
test/shengSet.asp
.vbs
test/shengmanage.asp
.vbs
test/shiKill.asp
.vbs
test/shiSet.asp
.vbs
test/shimanage.asp
.vbs
test/showunionerorderlist.asp
.vbs
test/showunionpaylist.asp
.vbs
test/sysset.asp
.vbs
test/sysset_fudong.asp
.vbs
test/ta.js
.js
test/text.asp
.vbs
test/tj.asp
.vbs
test/tjbb.asp
.vbs
test/tjbb2.asp
.vbs
test/tplinks.asp
.vbs
test/uploadbak/upLoad_bm.asp
.js
test/uploadbak/upLoad_bm1.asp
.vbs
test/uploadbak/upLoad_c.asp
.js
test/uploadbak/upLoad_c1.asp
.vbs
test/uploadbak/upfile.asp
.vbs
test/uploadbak/upload.asp
.vbs
test/uploadbak/upload_ckxp.inc
.html .vbs polyglot
test/uploadbak/upsave.asp
.vbs
test/viewAeditdingdan.asp
.vbs
test/viewdingdan.asp
.vbs
test/viewdingdan_new.asp
.vbs
test/viewfk.asp
.vbs
test/vieworder.asp
.vbs
test/vipdyj.asp
.js
test/viphd.asp
.js
test/vipsq.asp
.js
test/voteadd.asp
.vbs
test/votedel.asp
.vbs
test/votemanage.asp
.vbs
test/votemodify.asp
.vbs
test/votesave.asp
.vbs
test/voteset.asp
.vbs
test/webconfig.asp
.vbs
test/webedit.css
test/xyvip.asp
.vbs
test/xyvipSet.asp
.asp .vbs polyglot
test/youbianKill.asp
.vbs
test/youbianSet.asp
.vbs
test/youbianmanage.asp
.vbs
test/zengpin.asp
.vbs
test/zhuantiAdd.asp
.js
test/zhuantiAdd2.asp
.vbs
test/zhuantiedit.asp
.js
test/zhuantiedit2.asp
.vbs
test/ziduanSet.asp
.vbs
test/ziduanmanage.asp
.vbs
恶意代码扫描系统v1.0使用说明书.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 484KB

UPX1 Size: 228KB - Virtual size: 232KB

.rsrc Size: 30KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 408KB - Virtual size: 404KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 104KB - Virtual size: 138KB

.rsrc Size: 84KB - Virtual size: 83KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 76KB - Virtual size: 75KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: 4KB - Virtual size: 12B

UPX0
Size: - Virtual size: 484KB

UPX1
Size: 228KB - Virtual size: 232KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 408KB - Virtual size: 404KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 104KB - Virtual size: 138KB

.rsrc
Size: 84KB - Virtual size: 83KB

.text
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 4KB - Virtual size: 12B