13812c1d852e23c69550e85efa428cd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13812c1d852e23c69550e85efa428cd8_JaffaCakes118
Size

275KB
MD5

13812c1d852e23c69550e85efa428cd8
SHA1

2d0237855f3a9c60b326095b41f74446467e67b1
SHA256

c73c115bef7316987b282708fc687b0241ab3ac66e36ecca73be3286c54919cf
SHA512

f05f642e40a1be72b4caa0eb73579b05739c6c4f848362cb9d4d22b77d213f37fe32bd10711e9f2ebacb122d0e292c8df38100fe1e5c57b99e88100b75b275fb
SSDEEP

6144:xAUJCp6vze1AKU7MK91fH9MqR2/TY/3LFY16BumUF6jXeDp:6UI6G891/CLE/qMlWSY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe
unpack002/begcabjfeh.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/setup.exe	nsis_installer_1
static1/unpack001/setup.exe	nsis_installer_2

Files

13812c1d852e23c69550e85efa428cd8_JaffaCakes118
.zip
setup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
begcabjfeh.exe
.exe windows:5 windows x86 arch:x86

f53680fcb218606fb91bea46d53ac736

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

kernel32

GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
ExitProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
MulDiv
lstrcmpW
GetModuleFileNameW
FindResourceW
MultiByteToWideChar
GetCommandLineW
GlobalHandle
GlobalFree
CreateThread
GetVersion
GetExitCodeProcess
WaitForSingleObject
Sleep
FindClose
CloseHandle
CreateProcessW
DeleteFileW
FindFirstFileW
FindNextFileW
IsWow64Process
WideCharToMultiByte
SetEvent
GlobalAlloc
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LocalFree
FormatMessageW
DecodePointer
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WriteFile
GetStdHandle
GetSystemTimeAsFileTime
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
RtlUnwind
EncodePointer
OutputDebugStringW
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LockResource
TlsFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
TlsSetValue
GetFileType
ReadFile
SetFilePointerEx
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcessId
InterlockedDecrement
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateFileW
SetEndOfFile
TlsGetValue
CreateDirectoryW

user32

GetDesktopWindow
SetWindowLongW
FillRect
GetSysColor
LoadCursorW
ClientToScreen
GetParent
MessageBoxA
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetClassNameW
GetWindow
MessageBoxW
CreateDialogIndirectParamW
EndDialog
GetSystemMetrics
GetWindowRect
SetWindowContextHelpId
MapDialogRect
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageA
PostThreadMessageW
SetTimer
KillTimer
ScreenToClient
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
SendDlgItemMessageW
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
PostMessageW
GetWindowLongW

gdi32

SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
DeleteDC
CreateSolidBrush

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance

oleaut32

DispCallFunc
VariantCopy
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 291KB

.ndata Size: - Virtual size: 304KB

.rsrc Size: 2KB - Virtual size: 2KB

f53680fcb218606fb91bea46d53ac736

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

iphlpapi

Sections

.text Size: 430KB - Virtual size: 429KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 291KB

.ndata
Size: - Virtual size: 304KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 430KB - Virtual size: 429KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 23KB - Virtual size: 23KB