216de5915990a2a480f7d30f2f81da8f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

216de5915990a2a480f7d30f2f81da8f_JaffaCakes118
Size

945KB
MD5

216de5915990a2a480f7d30f2f81da8f
SHA1

919a8aa62096c5e436bf998be9b9b33b42fb211e
SHA256

4a833b842da4b80715e9b02dc862fc3fd5fcda28a0e559e982876d024262b7f7
SHA512

3338a2e81fa7a6789b6c0493df68e753e6179b8f84f004d7afe18f6126f01b2638195076370bf1d8c79757841b8254753578095c4c45178f644df23e283aa657
SSDEEP

24576:TElnUTShxtgQAHPFUKxc5u8HqnmTp14UPfQ3:gwShEQAgTCC4UQ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Plugins/CmdBar.dll
unpack001/betab.exe
unpack003/#/1.exe
unpack003/#/2.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/betab.exe	nsis_installer_1
static1/unpack001/betab.exe	nsis_installer_2

Files

216de5915990a2a480f7d30f2f81da8f_JaffaCakes118
.zip
.DS_Store
00-ioncube.ini
Plugins/CmdBar.dll
.dll windows:4 windows x86 arch:x86

8237a071a93d3584cd8637b75759e33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Animate
_Assemble
_Broadcast
_Createwatchwindow
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletenamerange
_Disasm
_Dumpbackup
_Expression
_Findalldllcalls
_Findlabel
_Findmemory
_Findthread
_Getcputhreadid
_Getstatus
_Go
_Hardbreakpoints
_Insertname
_Insertwatch
_OpenEXEfile
_Plugingetvalue
_Pluginsaverecord
_Registerpluginclass
_Runtracesize
_Sendshortcut
_Setbreakpoint
_Setcpu
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Startruntrace
_Unregisterpluginclass
_Writememory

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA
lstrlenA

comdlg32

ChooseFontA

gdi32

CreateFontIndirectA
CreateSolidBrush
DeleteObject

user32

BeginPaint
CallWindowProcA
CreateWindowExA
DefWindowProcA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetSysColor
GetWindow
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
MessageBoxA
MoveWindow
ScreenToClient
SendMessageA
SetFocus
SetWindowLongA
SetWindowTextA
ShowWindow
WinHelpA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/CmdBar.ini
Plugins/macro.def
Plugins/readme_e.txt
Plugins/readme_j.txt
Plugins/src300108.zip
.zip
CmdBar.c
Makefile
cmdexec.c
cmdexec.h
cmdlist.h
betab.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
#/1.exe
.exe windows:4 windows x86 arch:x86

d9ded559bb1316fce5f58407bf68ee01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CryptUnregisterOIDFunction

shell32

Control_RunDLLW

advapi32

RegNotifyChangeKeyValue

ole32

IsValidPtrIn

advpack

RebootCheckOnInstall

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
#/2.exe
.exe windows:4 windows x86 arch:x86

d9ded559bb1316fce5f58407bf68ee01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CryptUnregisterOIDFunction

shell32

Control_RunDLLW

advapi32

RegNotifyChangeKeyValue

ole32

IsValidPtrIn

advpack

RebootCheckOnInstall

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ioncube_loader_lin_5.4.so
.elf linux x64

Sharing

General

Malware Config

Signatures

Files

8237a071a93d3584cd8637b75759e33d

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

comdlg32

gdi32

user32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 13KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 68KB - Virtual size: 68KB

d9ded559bb1316fce5f58407bf68ee01

Headers

File Characteristics

Imports

crypt32

shell32

advapi32

ole32

advpack

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 512B - Virtual size: 380B

.data Size: 5KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

d9ded559bb1316fce5f58407bf68ee01

Headers

File Characteristics

Imports

crypt32

shell32

advapi32

ole32

advpack

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 512B - Virtual size: 380B

.data Size: 5KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 13KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 5KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 5KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB