3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118
Size

170KB
MD5

3bc88ab2dae5dd7dc924b64e45a5e831
SHA1

abae00114caf6af0927deae70295a62adb8737e7
SHA256

22b08a645804b31fa9c5c3b99c45bf1abe15a10ad9fe49256e6397b4cea90186
SHA512

96e7df730b4316a28d1682b28d81b32c99c877b1dad363f060cd73b512c6e407b3a8e92988b0ce9bdc681d3f08612d0dcd229af93c115082f49fbf6c50b1ff97
SSDEEP

3072:t8Dsp+FNX1dFOvDlXJulh1l5Hw1PaxwJSY3pS7q/y/Ds1xZ0TAxiFK2HkoHd:t8dNXSElh1lxq7ZpQqa/ExZ0WiEQkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/CDRom.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CDRom.dll
.dll windows:4 windows x86 arch:x86

ebfe87f9d8e9fed808f037d5a6f1c282

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
OpenBackupEventLogA

gdi32

GetMetaFileW

kernel32

DeleteCriticalSection
EnterCriticalSection
FileTimeToDosDateTime
GetAtomNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetThreadSelectorEntry
InitializeCriticalSection
LeaveCriticalSection
OpenMutexW
SetProcessShutdownParameters
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
lstrcmpA

msvcrt

__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf

user32

DestroyWindow
SetMenuInfo
SetThreadDesktop
UnregisterClassA

Exports

Exports

_2V5FbK
_2bXJP5Tv8
_45rwrXd4K
_49uHAk99
_4DFxrTy
_4drepD
_4kNwa
_4n2UB
_4wUSzCHPR
_5FSddF4
_5M8ahxjUT
_5XD5D
_5a4fr
_5eE9A263
_6DhTtV
_6ELkuujW
_6K4W2dT
_6Smdk
_6whq4HAF
_83Bk53DS
_8e3hc
_8ktCX
_8zjkFNU8M
_9BWVJhhnu
_9WAVuXcT9
_9aarBc
_9dDPxtbX
_A2U55
_A6gcrKL
_AAW9Va
_ALg2h
_AaxAVq
_Amt8x3H
_AqGqv3
_Aug38
_AyyEvDMbS
_B4tWeG2X
_B9E9D5p
_BPmpcz
_BSuAH
_BVfLxgW
_Bbk2J
_BhnknLJ
_Bwa8bVXLN
_CE8aSC3
_CpeAu4XC
_Dd3JRwsh
_Dv36Y
_E4xg9vD
_ErEtFfY
_FHYUUPD
_FKMWFBw
_GAYqKu99G
_GS2XWa
_GVA8Dnv
_Gh3Jer
_Gs5qMR
_Gwn9wed
_HSS36jY
_HSbcJwuw
_HVvznGaWe
_HsChFATgY
_Hy6asUBL
_JPbG5y5g
_JU9LD
_K6DVE4
_Kgs8wYe9b
_KjC5Dpd
_LB8wrdkGH
_LfYpBv
_LgscAUkLw
_LrLxG
_Lt3EetF
_LuHNuSJ
_LwGrUC5jE
_M3G549
_MTAyuq
_MqsEnM
_NvHRzfx
_PKKFbs
_PYrRM
_PkPufV
_Pte2bc
_RHd3LuLLB
_RVF3r
_RW2mME
_RqrTcJ3c
_TBnYnsG
_TK5Gnty8
_TSzgKSzUa
_Th4xz
_TqFPwNkmL
_TxW5gAE
_UPUmF
_UWLGybr
_UaBS4
_Uf5KbWsg
_UjeeN
_UpKSS9V
_V3mVDXAb
_VJUgRs26y
_VUgDec2sn
_Vzfbz
_W2DAL9BCd
_W9xGEgW
_WC2CpNk
_WdS3r
_WhXz9p
_WtjdmSe
_X48WdjtF
_XBkcGe2
_XRMbqN
_XtLEbEMN
_XzgJesk3
_Y4vaW
_YAym5U2n
_YLryR
_YRfvD
_YRtLR
_YT6nmf
_Yex4SG
_YsKGSUn
_YtCvE
_aCYzb3
_aUTnR
_aeVUkRjX5
_agk9a
_arpPac
_aruKLhcy
_bMtwsY2
_bbrN5zB
_bgYUPW8
_bhaKH25gE
_bngBzStk
_bpLDW2KGb
_cFUNJY
_cfFbAWyUw
_cyYnAb
_d63erY
_dhrbrGUEv
_dkE6VxXy
_dyd45fNV
_e6ThXXhLr
_eeTzL
_ehgaDs
_f2dEkXa
_fnE2Pw
_fvTPx
_g9HCn9q
_gLqFjrW
_gfuej9k
_ghdFCL
_guCj3YL
_hKsD6
_jMhde
_jjqmupgg
_k9FyGSvNc
_kEEKM
_kHEEqf
_kbErX9x
_km6Dd
_mSR5A9GR
_mUV2DLGr
_n6eTDYyW
_nN3jRsN
_nUTkqJtJ
_nqmqg9mJs
_p9CC3F99
_p9kGB9Y6
_pu4KCA
_q4tfPv8g
_q8qbSLy
_qFNMqu
_qW3ry8
_qssvWdJ
_qz2cdw
_rBy8NkFVc
_rUMcwnD
_ra42YzR
_rrt4fmXq2
_sA6Mh9pwe
_sBxpKUcD
_tcyEdUuu
_tf8DKgYzt
_tnUFVB
_uHKfhSK
_uWfAxCz
_uXw5kkyf
_uzSua
_v2KU3
_vFkA9kuTS
_vPhzvwE5
_vPn5t
_vbp5u
_vqjLeen6s
_vtWAyLfW
_wGCthUr93
_wTxFcU
_x8USdP
_xAPT8
_xJ8Jxq3
_xJ9grmLe
_xLzthNBFn
_xWqHLxL
_xbkrURLxU
_y3tXDdx
_yBw53
_yHPXz5Jr
_yHeCKH
_yJ5XFCYVh
_yrscq
_ywYUjt5
_zb2RkB
_ztG2RvvvB

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 92B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lustreware.29L
PuckBoutique.A

Sharing

General

Malware Config

Signatures

Files

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 149KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 17KB - Virtual size: 16KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 610B

ebfe87f9d8e9fed808f037d5a6f1c282

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 492B

.eh_fram Size: 1024B - Virtual size: 808B

.bss Size: - Virtual size: 92B

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 149KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 610B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 492B

.eh_fram
Size: 1024B - Virtual size: 808B

.bss
Size: - Virtual size: 92B

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 1KB