3cce3de3c2982edcc2a7ddcbef1179b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cce3de3c2982edcc2a7ddcbef1179b0_JaffaCakes118
Size

6.9MB
MD5

3cce3de3c2982edcc2a7ddcbef1179b0
SHA1

64695b9dda741b9a3d422f9244374b7ce47f7a71
SHA256

bb161cf820d6f018fe5d3bf4165852d43774b3ec9340b915e7f5c7079242dcba
SHA512

e6002ba1e7412744929dca97a26939c3cc7454931fb5f4803677731fd1dab0dc42ea35d5b60d2a4d3c6a487f649fea142d79d0e2637150b7920ee45bce8dfd56
SSDEEP

98304:8ctEzWJi0ikY8u+tTu/fR/b0Wl3y1+sIR/hrr26DJCdEPv0Eve834H2oo5uQT+fY:8chi0pY8Pu/J/hl3y1SBadinvTTzpFHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
3cce3de3c2982edcc2a7ddcbef1179b0_JaffaCakes118
unpack001/$PLUGINSDIR/IzogAFQgICl.dll
unpack001/$PLUGINSDIR/NEXvyoWFybL.dll
unpack001/$PLUGINSDIR/xMXhDJUIerR.dll

Files

3cce3de3c2982edcc2a7ddcbef1179b0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4806b4197823b45fcaf025f7c0a07e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
CreateDirectoryW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
SearchPathW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
GetTickCount
GetModuleFileNameW
GetCurrentProcess
ExitProcess
SetErrorMode
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
CopyFileW
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
lstrcpynW
lstrlenW
LoadLibraryW
GetDiskFreeSpaceW
GetProcAddress
GetVersion
OpenProcess
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
LoadLibraryA
GetModuleHandleA
CreateProcessW
GetSystemDirectoryW
GetTempFileNameW
RemoveDirectoryW
CreateFileW
GetVersionExW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
ReadFile
WritePrivateProfileStringW
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleExW
DecodePointer
EncodePointer
GetCurrentThreadId
GetStartupInfoW
TlsFree
TlsSetValue
WriteConsoleW
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetModuleHandleW
LoadLibraryExW
lstrlenA
WriteFile
Sleep
WaitForSingleObject
lstrcmpiW
lstrcmpW
CompareFileTime
MulDiv
CloseHandle
SetFileTime
FindClose
SetFilePointer
GetLastError
GetExitCodeProcess
GetShortPathNameW
GlobalFree
GlobalAlloc
FreeLibrary

user32

BeginPaint
DrawTextW
DefWindowProcW
EmptyClipboard
EndPaint
MessageBoxIndirectW
CharPrevW
CharNextA
CharUpperW
GetDlgItemTextW
SetDlgItemTextW
PeekMessageW
GetClientRect
FillRect
wsprintfW
SendMessageW
DispatchMessageW
wsprintfA
SystemParametersInfoW
LoadCursorW
LoadBitmapW
SetClassLongW
GetWindowLongW
GetSysColor
ScreenToClient
SetCursor
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
GetWindowRect
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW

gdi32

SelectObject
CreateBrushIndirect
SetBkMode
SetTextColor
GetDeviceCaps
CreateFontIndirectW
DeleteObject
SetBkColor

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

comctl32

ImageList_Destroy
ImageList_Create
ord17
ImageList_AddMasked

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 996KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IzogAFQgICl.dll
.dll windows:5 windows x86 arch:x86

8fb37e08588b8fef3e5b1c7197baf6f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
OutputDebugStringW
GetProcessHeap
GetDriveTypeA
OpenProcess
InitializeCriticalSectionAndSpinCount
SizeofResource
HeapDestroy
MultiByteToWideChar
RaiseException
GetFileSizeEx
GetLastError
HeapSize
GetLocalTime
LockResource
GlobalMemoryStatusEx
DecodePointer
FindAtomA
FoldStringW
DeleteCriticalSection
OpenFileMappingW
SetEnvironmentVariableA
FlushFileBuffers
GetStringTypeW
WriteConsoleW
SetStdHandle
LCMapStringW
CompareStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetThreadIOPendingFlag
GetNativeSystemInfo
LoadLibraryExW
SystemTimeToFileTime
LoadLibraryW
IsProcessInJob
GetSystemPowerStatus
IsProcessorFeaturePresent
MulDiv
CreateFileW
GetPrivateProfileIntW
VerifyVersionInfoW
OpenWaitableTimerW
GetPrivateProfileStructA
GetThreadPriority
EraseTape
OutputDebugStringA
CloseHandle
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
FreeLibrary
GetBinaryTypeW
GetProcAddress
FoldStringA
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
SetLastError
GetTimeZoneInformation
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

ArrangeIconicWindows
DestroyAcceleratorTable
CreateMDIWindowW
CreateIconIndirect
CallMsgFilterA
CallWindowProcA
DispatchMessageA
CopyIcon
CharUpperBuffW
ChangeMenuW
wsprintfW
CharLowerBuffA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysStringByteLen
VarCyFromI4
SysAllocStringLen
VarCmp
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

Exports

Exports

DLmVYGuRTVZd
EYrvAJd
KuIHewvedS
LiECe
nWhKlZBPVTAD
rdtC

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NEXvyoWFybL.dll
.dll windows:5 windows x86 arch:x86

152ff3ada553caac448da00df0a87837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
MultiByteToWideChar
GetStringTypeW
RtlUnwind
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileSize
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalFree
lstrcpynW
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetLastError
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
HeapReAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

oleaut32

SysFreeString
SysStringByteLen
SysAllocString
VariantClear
VariantCopy
SysAllocStringByteLen
SysAllocStringLen

rtm

RtmReleaseDests
RtmRegisterClient
RtmGetEntityInfo
RtmReleaseNextHops
RtmGetFirstRoute
MgmGetFirstMfeStats
RtmRegisterForChangeNotification

Exports

Exports

IbDbEAAHIvfLhHl
SVwPkqf
fOPqAAZS
fQzakLMkPQGLVGj
fxXLzZLSVUGncS

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/afjr.mp3
$PLUGINSDIR/xMXhDJUIerR.dll
.dll windows:5 windows x86 arch:x86

8e25e306ff6be019e3cd67a7feb4bf50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetStringTypeW
LCMapStringW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
CreateFileW
ReadFile
SystemTimeToFileTime
CreateDirectoryW
GetFileAttributesW
CloseHandle
LocalFileTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetFileTime
WriteFile
GlobalFree
lstrcpynW
GlobalAlloc
RtlUnwind
RaiseException
DecodePointer
EncodePointer
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

pdh

PdhBrowseCountersHW
PdhOpenQueryW
PdhExpandCounterPathA
PdhExpandCounterPathW
PdhGetLogFileSize
PdhLookupPerfIndexByNameA
PdhAddCounterA
PdhSetDefaultRealTimeDataSource
PdhValidatePathA
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhGetLogSetGUID
PdhLookupPerfNameByIndexA
PdhConnectMachineW

user32

wsprintfW

oleaut32

VarCyFromI4
VariantCopy
VariantClear
VariantInit
SysAllocString

Exports

Exports

IDKKHgdEiYdBnr
JHrlDdjGBlcKtMbLEs
VpWYhbspjEewAF
cCFIvsyluRCQWtaPr
rWKThiakaWyDaxm
yjcpp

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/jozMSgkiCVg.js
.js

Sharing

General

Malware Config

Signatures

Files

4806b4197823b45fcaf025f7c0a07e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

advapi32

comctl32

version

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 3.7MB

.ndata Size: - Virtual size: 996KB

.rsrc Size: 69KB - Virtual size: 12.9MB

8fb37e08588b8fef3e5b1c7197baf6f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 293KB - Virtual size: 293KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

152ff3ada553caac448da00df0a87837

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

rtm

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 21KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 36KB - Virtual size: 36KB

8e25e306ff6be019e3cd67a7feb4bf50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

pdh

user32

oleaut32

Exports

Exports

Sections

.text Size: 187KB - Virtual size: 187KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 3.7MB

.ndata
Size: - Virtual size: 996KB

.rsrc
Size: 69KB - Virtual size: 12.9MB

.text
Size: 293KB - Virtual size: 293KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 187KB - Virtual size: 187KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 17KB - Virtual size: 17KB