c29bc4713727d469886ea655115dd177_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c29bc4713727d469886ea655115dd177_JaffaCakes118
Size

1.1MB
MD5

c29bc4713727d469886ea655115dd177
SHA1

a618e53de53878f42d878df9838d24ec0a089145
SHA256

b90f778b1da0d357263db0f9149dc1db6ca66cb555feabcd5106a97a549eaa29
SHA512

6db8e7187c85c36d049b7209f240aa0aa971939ff24a15d925c3c5bbfa77a08cad7744c3a82d80eddbd68a751a4b1ad8ed3340fe7bafe52309e0f1df1400e9e7
SSDEEP

24576:3MeA2ja15FInKvF6sR7u8hlk6fR3LCNmW8TAZUcBLaWN:ceQEsR7jh26fILXFr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/binaries/others/SAD1c/BoM 7.5/BoM.exe	upx
static1/unpack002/binaries/virii/DvL/Bat.WinUpdate/bat.win update.exe	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackA/BatzBackA.exe	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackB/BatzBackB.Scr	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackC/BatzBackC.exe	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackD/BatzBackD.exe	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackE/BatzBackE.exe	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_1.scr	upx
static1/unpack002/binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_2.scr	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack002/binaries/others/SAD1c/BoM 7.5/BoM.exe
unpack002/binaries/others/SpTh/RSBG/Random Silly Batch Generator.exe
unpack002/binaries/virii/DvL/Bat.WinUpdate/bat.win update.exe
unpack004/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackA/BatzBackA.exe
unpack005/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackB/BatzBackB.Scr
unpack006/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackC/BatzBackC.exe
unpack007/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackD/BatzBackD.exe
unpack008/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/BatzBackE/BatzBackE.exe
unpack009/out.upx
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_1.scr
unpack002/binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_2.scr

EICAR Anti-Malware test file 1 IoCs

resource	yara_rule
static1/unpack002/binaries/others/DvL/Dangerous Menu 3.2/examples/ioana_2.txt	eicar_test_file

Files

c29bc4713727d469886ea655115dd177_JaffaCakes118
.zip
bz #2.rar
.rar
BZ #2.bat
binaries/others/DvL/Dangerous Menu 3.2/DM 3.2.bat
.bat .vbs
binaries/others/DvL/Dangerous Menu 3.2/about.gif
binaries/others/DvL/Dangerous Menu 3.2/examples/ioana_1.txt
binaries/others/DvL/Dangerous Menu 3.2/examples/ioana_2.txt
.vbs
binaries/others/DvL/Dangerous Menu 3.2/history.txt
binaries/others/DvL/Junk Remover 5.2/JR52.exe
binaries/others/DvL/Junk Remover 5.2/JR52.ico
binaries/others/DvL/Junk Remover 5.2/__notes__.txt
binaries/others/DvL/Junk Remover 5.2/readme.txt
binaries/others/DvL/Junk Remover 5.2/source/JR52.bas
binaries/others/DvL/Junk Remover 5.2/source/JR52.exe
binaries/others/DvL/Junk Remover 5.2/source/JR52.obj
binaries/others/SAD1c/BoM 7.5/BoM.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 615KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
binaries/others/SAD1c/BoM 7.5/History.nfo
binaries/others/SAD1c/BoM 7.5/Readme.txt
binaries/others/SAD1c/BoM 7.5/about.GIF
binaries/others/SAD1c/BoM 7.5/examples/BAT.Batch-O-Matic.75_1.bat
.bat .vbs
binaries/others/SAD1c/BoM 7.5/examples/BAT.Batch-O-Matic.75_2.cmd
.cmd .vbs
binaries/others/SpTh/RSBG/Random Silly Batch Generator.exe
.exe windows:4 windows x86 arch:x86

d17047999d0735a0c49bef9619933307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaVarForInit
ord594
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaVarTstLt
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
_CIlog
__vbaFileOpen
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaVarCopy
_CIatan
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
binaries/others/SpTh/RSBG/about.GIF
binaries/others/SpTh/RSBG/about.txt
binaries/others/SpTh/RSBG/examples/RSBG_1.txt
binaries/others/SpTh/RSBG/examples/RSBG_2.txt
.vbs
binaries/virii/Adious/Bat.Bush/Bat.Bush.bat
.bat .vbs
binaries/virii/Adious/Bat.Bush/bat.bush.txt
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap0.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap1.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap2.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap3.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap4.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap5.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap6.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap7.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/dropped files/leap8.vbs
.vbs
binaries/virii/DvL/Bat.Quantum Leap/normal/Bat.Quantum Leap.bat
binaries/virii/DvL/Bat.Quantum Leap/with trash code/Bat.Quantum Leap.bat
binaries/virii/DvL/Bat.Trash.a/Bat.Trash.a [UPX].exe
binaries/virii/DvL/Bat.Trash.a/Bat.Trash.a.bas
binaries/virii/DvL/Bat.Trash.a/Bat.Trash.a.exe
binaries/virii/DvL/Bat.Trash.a/Bat.Trash.a.obj
binaries/virii/DvL/Bat.Trash.b/Bat.Trash.b.bat
binaries/virii/DvL/Bat.Trash.c/Bat.Trash.c [fixed].bat
binaries/virii/DvL/Bat.WinUpdate/__notes__.txt
binaries/virii/DvL/Bat.WinUpdate/bat.win update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/DvL/Bat.pIRChminator/bat.pIRChminator.bat
binaries/virii/DvL/Bat.pIRChminator/bat.pIRChminator.txt
binaries/virii/L0NEw0lf/Bat.BatzBack.A/Bat.BatzBack.A.bat
binaries/virii/L0NEw0lf/Bat.BatzBack.A/Readme.txt
binaries/virii/L0NEw0lf/Bat.BatzBack.A/__notes__.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackA/BatzBackA.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackA/about.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackA/source/BatzBackA.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackB/BatzBackB.Scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackB/about.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackB/source/BatzBackB.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackC/BatzBackC.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackC/about.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackC/source/BatzBackC.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackD/BatzBackD.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackD/about.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackD/source/BatzBackD.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackE/BatzBackE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackE/about.txt
binaries/virii/L0NEw0lf/BatzBack Family/BatzBackE/source/BackZatE.txt
binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_1.scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binaries/virii/L0NEw0lf/BatzBack Family/older/BatzBack_2.scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
binaries/virii/L0NEw0lf/BatzBack Family/older/Readme.txt
binaries/virii/L0NEw0lf/dropped files/BBbLWDB.bat
.bat .vbs
binaries/virii/L0NEw0lf/dropped files/BBbLWDB2.bat
.bat .vbs
binaries/virii/L0NEw0lf/dropped files/BatzBack.bat
binaries/virii/L0NEw0lf/dropped files/WuFFie.bat
.bat .vbs
binaries/virii/L0NEw0lf/dropped files/__notes__.txt
binaries/virii/L0NEw0lf/dropped files/script.ini
binaries/virii/Philet0a$t3r & SpTh/Bat.Iaafe/Bat.Iaafe.bat
.bat .vbs
binaries/virii/Toro/Bat.Tee/Tee_binary.bat
.bat .vbs
binaries/virii/Toro/Bat.Tee/Tee_firstgen.bat
.bat .vbs
binaries/virii/Toro/Bat.Tee/Tee_secondgen.bat
.bat .vbs
binaries/virii/Toro/Bat.Tee/Tee_source.txt
.vbs
binaries/virii/Toro/Bat.Tee/__notes__.txt
binaries/virii/Toro/Bat.Tee/readme.txt
binaries/virii/Toro/Bat.Tee/rrlf.htm
.html
bz.00
bz.01
bz.02
bz.03
bz.04
.vbs
bz.05
.vbs
bz.06
bz.07
.vbs
bz.08
bz.09
bz.logo
file_id.diz
msg.vbs
.vbs
parentaladvisory.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.2MB

UPX1 Size: 615KB - Virtual size: 616KB

.rsrc Size: 4KB - Virtual size: 4KB

d17047999d0735a0c49bef9619933307

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 38KB - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 64KB - Virtual size: 68KB

.data Size: 2KB - Virtual size: 24KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 22KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 928B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 180KB

UPX1 Size: 63KB - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 44KB - Virtual size: 56KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 55KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 36KB - Virtual size: 44KB

.rsrc Size: 4KB - Virtual size: 928B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX0
Size: - Virtual size: 2.2MB

UPX1
Size: 615KB - Virtual size: 616KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 38KB - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 64KB - Virtual size: 68KB

.data
Size: 2KB - Virtual size: 24KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 928B

UPX0
Size: - Virtual size: 180KB

UPX1
Size: 63KB - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 44KB - Virtual size: 56KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 55KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 36KB - Virtual size: 44KB

.rsrc
Size: 4KB - Virtual size: 928B

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 50KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 32KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 928B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 176KB

UPX1
Size: 32KB - Virtual size: 36KB

UPX2
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 33KB - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 4KB