373213993705afcd4907ad9f736d1bd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

373213993705afcd4907ad9f736d1bd1_JaffaCakes118
Size

1001KB
MD5

373213993705afcd4907ad9f736d1bd1
SHA1

24cc234c76458feea98ee12e266c73ab15c3d2d5
SHA256

2ab1c397c0a695ab2544202a23a7ca4d919e0fa0a79a5dc3cff3c2f95bbe9586
SHA512

23024d37591a165d6c81c3c3c0383c4c074c5b76023776155496d8dcd47cdbe456aba6947039bdeb81dce0975d0b312b3ccfa0eb14e299e91a7df7ac7b0cb737
SSDEEP

24576:O1DQJkKfVoQOqGnsy2wgUOjCDF4o/E+YvnkpkGja9DWsMRyVVeNE8:84R0njOjzcZKtGjAuMVkNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SRun3KPortal.exe

Files

373213993705afcd4907ad9f736d1bd1_JaffaCakes118
.zip
SRun3KPortal.exe
.exe windows:5 windows x86 arch:x86

d46fcb79297dbb4d701fade160b92e39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
HeapSize
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpiA
lstrcpynA
ExitProcess
GetEnvironmentVariableA
FlushFileBuffers
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
CreateDirectoryA
DeleteCriticalSection
ReleaseMutex
ExitThread
GetConsoleCP
InitializeCriticalSection
LCMapStringW
LocalFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetPrivateProfileStringA
lstrcpynW
GetVolumeInformationW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetUserDefaultUILanguage
DeviceIoControl
TlsFree
TlsSetValue
TlsGetValue
RaiseException
GetLongPathNameA
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetModuleFileNameW
GetStdHandle
GetCurrentThreadId
GetCurrentProcessId
SetHandleCount
SetConsoleCtrlHandler
HeapReAlloc
LoadLibraryW
GetStartupInfoW
Sleep
HeapSetInformation
GetCommandLineA
VirtualQuery
VirtualProtect
GetModuleHandleW
GetTimeZoneInformation
SetStdHandle
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetProcessId
DuplicateHandle
VirtualFree
VirtualAlloc
Thread32Next
Thread32First
FileTimeToSystemTime
RtlUnwind
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
GetSystemDirectoryA
GetFullPathNameA
FlushInstructionCache
GetCurrentDirectoryW
IsBadReadPtr
IsDBCSLeadByte
TerminateProcess
TerminateThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
MultiByteToWideChar
DeleteFileA
CreateFileMappingA
MapViewOfFile
GetLogicalDriveStringsA
QueryDosDeviceA
UnmapViewOfFile
lstrcmpA
GetVersionExA
GetModuleHandleA
SetEndOfFile
FreeResource
MulDiv
FindResourceA
LoadResource
SizeofResource
LockResource
lstrlenW
WideCharToMultiByte
CheckRemoteDebuggerPresent
IsDebuggerPresent
SetLastError
CreatePipe
GetStartupInfoA
ReadFile
SetCurrentDirectoryA
GetCurrentProcess
GetStringTypeW
GetTempPathA
GetSystemInfo
GetVersion
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryExA
GetModuleFileNameA
WaitForSingleObject
GetExitCodeProcess
GetTickCount
MoveFileExA
GetTempFileNameA
SetFileAttributesA
GetFileAttributesA
ResetEvent
CreateEventA
SetEvent
TryEnterCriticalSection
ReleaseSemaphore
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreA
PostQueuedCompletionStatus
CreateMutexA
InterlockedPopEntrySList
GetACP
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
CreateFileW
GetFileSize
GetLocalTime
CloseHandle
FreeLibrary
lstrcpyA
Process32Next
CreateFileA
SetEnvironmentVariableA
Module32Next
GetCurrentDirectoryA
WriteConsoleW
Process32First
Module32First
OpenProcess
LoadLibraryA
GetProcAddress
CreateThread
CreateProcessA
OpenMutexA
OpenEventA
CreateToolhelp32Snapshot
GetVolumeInformationA
GetDriveTypeW
OutputDebugStringA
DebugBreak
GetLastError
InterlockedIncrement
CompareStringW
SetFilePointer
GetFileType
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
lstrlenA
PeekNamedPipe
InterlockedDecrement

user32

UnregisterClassA
InflateRect
OffsetRect
LoadStringA
CharNextA
GetWindowTextLengthA
SetWindowTextA
CreateAcceleratorTableA
GetWindowTextA
FindWindowA
MessageBoxA
SetForegroundWindow
HideCaret
CreateCaret
MonitorFromWindow
GetFocus
GetWindow
SetFocus
UnionRect
ShowWindow
BeginPaint
EndPaint
ExitWindowsEx
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
SetRect
ClientToScreen
GetClientRect
SetCursor
DispatchMessageA
TranslateMessage
GetMessageA
EnableWindow
ShowCaret
GetMonitorInfoA
GetCaretPos
SetCaretPos
DestroyAcceleratorTable
MoveWindow
GetSysColor
GetWindowRect
IsWindow
GetClassInfoExA
LoadCursorA
GetMenuDefaultItem
SetMenuDefaultItem
LoadMenuA
DefWindowProcA
DestroyIcon
KillTimer
GetWindowLongA
CallWindowProcA
CreateIconIndirect
LoadIconA
GetDesktopWindow
GetSubMenu
TrackPopupMenu
GetCursorPos
RegisterClassExA
CreateWindowExA
RegisterWindowMessageA
EnumDesktopsA
OpenWindowStationA
SetWindowPos
GetPropA
SetPropA
CharPrevA
SetTimer
ReleaseDC
GetDC
SetWindowLongA
DestroyMenu
IsMenu
LoadImageA
DrawTextA
AdjustWindowRectEx
RegisterClassA
DestroyWindow
SetActiveWindow
PostQuitMessage
GetKeyState
PtInRect
MapWindowPoints
IsRectEmpty
GetUpdateRect
IntersectRect
IsIconic
IsZoomed
SetWindowRgn
ScreenToClient
GetMenu
GetSystemMetrics
wsprintfA
PostMessageA
EnumWindows
GetThreadDesktop
GetUserObjectInformationA
GetProcessWindowStation
SendMessageA
EnableMenuItem

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysAllocString
VariantInit
SysFreeString

gdi32

GdiFlush
GetCharABCWidthsA
GetStockObject
GetObjectA
GetTextExtentPoint32A
TextOutA
RoundRect
CreatePenIndirect
MoveToEx
GetTextMetricsA
CreateFontIndirectA
CreateSolidBrush
LineTo
CreatePen
GetDeviceCaps
BitBlt
SetWindowOrgEx
SetBkColor
Rectangle
RestoreDC
SaveDC
ExtTextOutA
SetStretchBltMode
CreateDIBSection
StretchBlt
CombineRgn
GetClipBox
CreateRoundRectRgn
SetTextColor
SetBkMode
CreateRectRgnIndirect
SelectClipRgn
DeleteDC
ExtSelectClipRgn
CreateBitmap
DeleteObject
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC

advapi32

CryptEncrypt
CryptDeriveKey
CryptDestroyKey
CryptGenRandom
RegEnumKeyExA
RegQueryInfoKeyW
RegCreateKeyExA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
OpenSCManagerA
StartServiceA
ControlService
ChangeServiceConfigA
OpenServiceA
QueryServiceStatus
RegDeleteValueA
RegQueryValueExA
CryptDecrypt
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA

shlwapi

PathAppendW

comctl32

_TrackMouseEvent
ord17

ws2_32

WSAIoctl
WSAGetOverlappedResult
gethostname
recv
send
WSASend
WSARecv
getnameinfo
shutdown
htonl
listen
accept
ntohl
getaddrinfo
freeaddrinfo
getprotobynumber
getservbyname
WSASetLastError
connect
getsockopt
ioctlsocket
setsockopt
select
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
recvfrom
bind
WSAGetLastError
ntohs
sendto
getsockname
getpeername
WSAStartup
WSACleanup
socket

rasapi32

RasGetProjectionInfoA
RasGetConnectStatusA
RasEnumEntriesA
RasGetErrorStringA
RasEnumConnectionsA
RasDeleteEntryA
RasGetEntryPropertiesA
RasValidateEntryNameA
RasHangUpA
RasDialA
RasSetEntryPropertiesA

gdiplus

GdipDeleteGraphics
GdipFree
GdipAlloc
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipCreateStringFormat
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteBrush

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pconfig
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pcconfi
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lang
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d46fcb79297dbb4d701fade160b92e39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

gdi32

advapi32

shell32

shlwapi

comctl32

ws2_32

rasapi32

gdiplus

imm32

Sections

.text Size: 833KB - Virtual size: 832KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 80KB - Virtual size: 142KB

.pconfig Size: 24KB - Virtual size: 23KB

.pcconfi Size: 512B - Virtual size: 448B

.lang Size: 78KB - Virtual size: 78KB

.config Size: 512B - Virtual size: 416B

.rsrc Size: 408KB - Virtual size: 407KB

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 833KB - Virtual size: 832KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 80KB - Virtual size: 142KB

.pconfig
Size: 24KB - Virtual size: 23KB

.pcconfi
Size: 512B - Virtual size: 448B

.lang
Size: 78KB - Virtual size: 78KB

.config
Size: 512B - Virtual size: 416B

.rsrc
Size: 408KB - Virtual size: 407KB

.reloc
Size: 55KB - Virtual size: 55KB