f40588421525985200a0b6fce0d2b1f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f40588421525985200a0b6fce0d2b1f6_JaffaCakes118
Size

462KB
MD5

f40588421525985200a0b6fce0d2b1f6
SHA1

3e4aa7b5ae7709a7199e720172fffcffcc7bf21f
SHA256

a686ee69533877efea499781fafbe02ae8f0cebe9b01086cd1597c3b4fd5cce0
SHA512

3f5a175a6e8395ef90ab818b6d73ac66ace274258431fcb622c460b75f4b3457b0b75ba160acf31763463e51723cf45fb5f5592a5ce76c8343d1b3624ac59746
SSDEEP

12288:ZgVzn7VXJZjAZRGVUXQxO015QFqcnYZ/Ks:ZIzZXLC1015qqcna

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hang.exe
unpack001/VAC-Bypass-Loader.exe
unpack001/boruqhook.dll

Files

f40588421525985200a0b6fce0d2b1f6_JaffaCakes118
.rar
Hang.exe
.exe windows:6 windows x86 arch:x86

33ab8cdc0d0aa51120ab9da93db33b65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
CloseHandle
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
CreateToolhelp32Snapshot
Process32Next
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetCurrentThread
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
CreateFileW
DecodePointer

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VAC-Bypass-Loader.exe
.exe windows:6 windows x86 arch:x86

3459baa3b412456c11f694f0298f4da0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
ResumeThread
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
lstrcatW
Process32FirstW
CloseHandle
WaitForSingleObject
GetProcAddress
VirtualAllocEx
RtlZeroMemory
CreateProcessW
CreateRemoteThread
Module32NextW
VirtualFreeEx
lstrcmpiW
GetModuleHandleW
TerminateProcess
GetCommandLineW
Module32FirstW
WriteProcessMemory
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathGetArgsW

vcruntime140

_except_handler4_common
memset
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
_controlfp_s
terminate
_c_exit
_cexit
_exit
exit
_set_app_type
_seh_filter_exe
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
boruqhook.dll
.dll windows:6 windows x86 arch:x86

1c48ae0d844c59efe9c9257b5e26203b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibraryAndExitThread
Sleep
DisableThreadLibraryCalls
CreateThread
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetTickCount
GetStdHandle
WriteConsoleA
ReadConsoleA
FreeConsole
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
Beep
VirtualQuery
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
QueryPerformanceFrequency
GetModuleFileNameA
VirtualProtect
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcess
TerminateProcess
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
RaiseException
ReadFile
ExitProcess
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapAlloc
HeapFree
FlushFileBuffers
WriteFile
GetConsoleCP
GetFileSizeEx

user32

CallWindowProcA
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
SetWindowLongA
ClientToScreen
SetCursor
GetClientRect
SetCursorPos
LoadCursorA

imm32

ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33ab8cdc0d0aa51120ab9da93db33b65

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

3459baa3b412456c11f694f0298f4da0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 452B

1c48ae0d844c59efe9c9257b5e26203b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

Sections

.text Size: 381KB - Virtual size: 381KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 8KB - Virtual size: 37KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 452B

.text
Size: 381KB - Virtual size: 381KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 8KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 20KB - Virtual size: 19KB