2d3e72d7294e0cf6cac00f2be5b66b70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d3e72d7294e0cf6cac00f2be5b66b70_JaffaCakes118
Size

969KB
MD5

2d3e72d7294e0cf6cac00f2be5b66b70
SHA1

96a00f573b4f03cd6447f2eb2286e2316658d5ee
SHA256

aa3b3e3ddeb5de64799c7b92e48df9bbcfd7f67241be3fce02b9450dfc7aff01
SHA512

a1c5e95eda40a03c3a1964629b9634cac3ce2484099780c2c217f43323ccc7561bf839bc95851ed6d48f6ed7e0f2687bd861498add922fcc152bda6c2ad3c2f8
SSDEEP

24576:ot6sfmc1zrrb2gcmYY9NgJQqsvt73hEMHAx2EdOj4DDMJbEd:ohfR1zrrb9mYQQqsvrEMHAx2EdY4DYWd

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Codecs/CDRip3.dll	acprotect
static1/unpack001/Codecs/LAME_ENC.DLL	acprotect
static1/unpack001/Codecs/Vorb.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Codecs/CDRip3.dll	upx
static1/unpack001/Codecs/LAME_ENC.DLL	upx
static1/unpack001/Codecs/Vorb.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Codecs/CDRip3.dll
unpack002/out.upx
unpack001/Codecs/LAME_ENC.DLL
unpack001/Codecs/Vorb.dll
unpack001/Codecs/bass.dll
unpack001/Codecs/basswma.dll
unpack001/Ripper.wfx

Files

2d3e72d7294e0cf6cac00f2be5b66b70_JaffaCakes118
.zip
Codecs/CDRip3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CR_CloseRipper
CR_DriveStatus
CR_EjectCD
CR_GetActiveCDROM
CR_GetCDROMID
CR_GetCDROMIDByIndex
CR_GetCDROMParameters
CR_GetCDROMType
CR_GetCDRipVersion
CR_GetJitterPosition
CR_GetLastJitterErrorPosition
CR_GetNumCDROM
CR_GetNumTocEntries
CR_GetNumberOfJitterErrors
CR_GetPeakValue
CR_GetPercentCompleted
CR_GetPlayPosition
CR_GetSenseKey
CR_GetSenseKey2
CR_GetSubChannelTrackInfo
CR_GetTocEntry
CR_GetTocEntry2
CR_GetTransportLayer
CR_Init
CR_IsAudioPlaying
CR_IsMMC
CR_IsMediaLoaded
CR_IsUnitReady
CR_LoadSettings
CR_LockCD
CR_NormalizeChunk
CR_OpenRipper
CR_PauseCD
CR_PlaySection
CR_PlayTrack
CR_ReadCDText
CR_ReadToc
CR_RipChunk
CR_SaveSettings
CR_ScanForC2Errors
CR_SelectCDROMType
CR_SetActiveCDROM
CR_SetCDROMParameters
CR_SetPlayPosition
CR_SetTransportLayer
CR_StopPlayTrack

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/LAME_ENC.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beFlushNoGap
beInitStream
beVersion
beWriteInfoTag
beWriteVBRHeader

Sections

UPX0
Size: - Virtual size: 704KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Codecs/Vorb.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

vbDecClose
vbDecOpen
vbDecRead
vbDecSeek
vbEncClose
vbEncOpen
vbEncWrite
vbVersion

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 220KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Codecs/bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_CDDoor
BASS_CDFree
BASS_CDGetID
BASS_CDGetTrackLength
BASS_CDGetTracks
BASS_CDInDrive
BASS_CDInit
BASS_CDPlay
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetEAXMix
BASS_ChannelGetFlags
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetDSoundObject
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetGlobalVolumes
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetChannelVol
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicPreBuf
BASS_MusicSetAmplify
BASS_MusicSetChannelVol
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_Pause
BASS_RecordFree
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DAlgorithm
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetBufferLength
BASS_SetCLSID
BASS_SetEAXParameters
BASS_SetGlobalVolumes
BASS_SetLogCurves
BASS_SetNetConfig
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_StreamPlay
BASS_StreamPreBuf
BASS_Update
_

Sections

Size: 96KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Codecs/basswma.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_WMA_ChannelSetSync
BASS_WMA_EncodeClose
BASS_WMA_EncodeGetClients
BASS_WMA_EncodeGetPort
BASS_WMA_EncodeGetRates
BASS_WMA_EncodeOpenFile
BASS_WMA_EncodeOpenNetwork
BASS_WMA_EncodeSetNotify
BASS_WMA_EncodeSetTag
BASS_WMA_EncodeWrite
BASS_WMA_GetIWMReader
BASS_WMA_StreamCreateFile

Sections

Size: 43KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Languages/english.lan
Languages/franc.lan
Languages/german.lan
Languages/hun.lan
Languages/poland.lan
Languages/russian.lan
Languages/slov.lan
Languages/slov2.lan
Languages/sve.lan
README.txt
README_RU.txt
Ripper.wfx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FsExecuteFile
FsExtractCustomIcon
FsFindClose
FsFindFirst
FsFindNext
FsGetDefRootName
FsGetFile
FsInit
FsPutFile
FsSetDefaultParams
FsStatusInfo

Sections

CODE
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 108KB

UPX1 Size: 66KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 12KB - Virtual size: 11KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 704KB

UPX1 Size: 166KB - Virtual size: 168KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 684KB

UPX1 Size: 220KB - Virtual size: 224KB

UPX2 Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 96KB - Virtual size: 300KB

Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 43KB - Virtual size: 96KB

Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 591KB - Virtual size: 590KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 10KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 306B

.reloc Size: 43KB - Virtual size: 42KB

.rsrc Size: 122KB - Virtual size: 122KB

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 12KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 704KB

UPX1
Size: 166KB - Virtual size: 168KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 220KB - Virtual size: 224KB

UPX2
Size: 1KB - Virtual size: 4KB

CODE
Size: 591KB - Virtual size: 590KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 306B

.reloc
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 122KB - Virtual size: 122KB