4369ba99a8c0e8c162ba6d9da5d81705_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4369ba99a8c0e8c162ba6d9da5d81705_JaffaCakes118
Size

1.1MB
MD5

4369ba99a8c0e8c162ba6d9da5d81705
SHA1

e60fefb507cd2a2d51cdb01dcb0c5799e2f35d03
SHA256

2b5cd425708d30ee12f066809bc68da16d4b10add76230c9943791a20c5c876f
SHA512

67b6e27701467f5d1b9b2a25b37954be6a81cad0e30e7e77b198081d042191fa5e2673094b086ada1223b58935d0b8ce37d31b50a3c500fa01c310a62e000124
SSDEEP

24576:udDRpk2sBj8k3UcFeM2V9hK5ssYyLGSSyNE6AastOmkFrMniKvN2Q3iKPi7M:cdpkOk3UcFeMm3K5ssu+LzsMBrMiKl20

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bwlock_v201/make/7za.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bwlock_v201/BwLockd.exe
unpack001/bwlock_v201/LPK.DLL
unpack001/bwlock_v201/make/7zCon.sfx
unpack001/bwlock_v201/make/7za.exe
unpack001/bwlock_v201/make/agent01.pak
unpack001/bwlock_v201/make/agent02.pak

Files

4369ba99a8c0e8c162ba6d9da5d81705_JaffaCakes118
.rar
bwlock_v201/!)设JZ5U为首页!.reg
bwlock_v201/)!访问我们的网站！.url
.url
bwlock_v201/BwLock.chm
.chm
bwlock_v201/BwLockd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.nsp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 390KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bwlock_v201/LPK.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bwlock_v201/license.dat
bwlock_v201/make/7zCon.sfx
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bwlock_v201/make/7za.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bwlock_v201/make/agent01.pak
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bwlock_v201/make/agent02.pak
.exe windows:4 windows x86 arch:x86

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_lrotl
memset
sprintf
strlen
memcpy
fputc
fputs
fflush
getc
fclose
_iob
free
malloc
memmove
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler

kernel32

FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreateEventA
FileTimeToSystemTime
SetEndOfFile
WriteFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageW
AreFileApisANSI
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileW
CreateDirectoryA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bwlock_v201/make/make_agent.bat
bwlock_v201/使用说明.txt
bwlock_v201/初始口令为空.txt
bwlock_v201/说明.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 1.2MB

.nsp1 Size: 390KB - Virtual size: 392KB

.nsp2 Size: - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 12KB - Virtual size: 12KB

DATA Size: 512B - Virtual size: 236B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 892B

.rsrc Size: 1KB - Virtual size: 1KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 312KB

UPX1 Size: 194KB - Virtual size: 196KB

.rsrc Size: 1KB - Virtual size: 4KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

fcdeed561b3f391fb24372fcfaa91375

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

.nsp0
Size: - Virtual size: 1.2MB

.nsp1
Size: 390KB - Virtual size: 392KB

.nsp2
Size: - Virtual size: 6KB

CODE
Size: 12KB - Virtual size: 12KB

DATA
Size: 512B - Virtual size: 236B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 892B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 312KB

UPX1
Size: 194KB - Virtual size: 196KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB