49114a20a4022f7b57c0b7cda5d31096_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49114a20a4022f7b57c0b7cda5d31096_JaffaCakes118
Size

602KB
MD5

49114a20a4022f7b57c0b7cda5d31096
SHA1

209d2a5ec8450422364ea1023f913923d478e41a
SHA256

b7709f0b365b87e31ed278627de89b8c3b06ba06ccc995e5e0abbf7bffc4b234
SHA512

6bf7f393790efd9f7dec921c0991e550187e490f1196437a814754fb1b5a355b6c276883fb7b95fb4d8e3499c31b3bfacf42f242a3effa8d26099b19d8fd6f44
SSDEEP

12288:Gphiu/evTLzAxdLkCAsAgEu2rQWCwIaFHufnlIjCuut69tBPdnok:Gpvi5CRAgKcWCAFH8ptw9tBlnok

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSF_011_alpha_R3/SSF.exe
unpack001/SSF_011_alpha_R3/SSFV_Encoder.dll
unpack001/SSF_011_alpha_R3/SSFV_Reader.aui
unpack001/SSF_011_alpha_R3/ZIP_Decoder.dll

Files

49114a20a4022f7b57c0b7cda5d31096_JaffaCakes118
.zip
SSF_011_alpha_R3/Readme.txt
SSF_011_alpha_R3/SSF.exe
.exe windows:5 windows x86 arch:x86

0082e7320cf653738ef1854b660da704

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ord6

comdlg32

GetOpenFileNameA

d3d9

Direct3DCreate9

d3dx9_42

D3DXAssembleShader

ddraw

DirectDrawCreateEx

dinput8

DirectInput8Create

gdi32

GetStockObject

imm32

ImmGetDefaultIMEWnd

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

user32

LoadCursorA
AdjustWindowRectEx
PostMessageA
SetCursor
GetMessageA
GetWindowRect
SetActiveWindow
CreateDialogParamA
SendDlgItemMessageA
SetForegroundWindow
LoadMenuA
SendMessageA
TranslateMessage
ShowCursor
CreateIcon
GetDlgItem
EndDialog
SetWindowPos
ShowWindow
SetMenu
ClipCursor
DispatchMessageA
UnhookWindowsHookEx
MapWindowPoints
UpdateWindow
EnableWindow
SetMenuItemInfoA
GetDlgItemTextA
DialogBoxParamA
DestroyIcon
MoveWindow
LoadStringA
GetAsyncKeyState
SetWindowTextA
SetDlgItemTextA
GetMonitorInfoA
SetRect
ClientToScreen
DestroyWindow
RegisterClassExA
PostQuitMessage
GetClientRect
MessageBoxA
CreateWindowExA
DefWindowProcA

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

kernel32

GetProcessHeap
CreateFileW
HeapSize
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle
GetStringTypeW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
ReadFile
RtlUnwind
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
TerminateProcess
EncodePointer
IsDebuggerPresent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateThread
Sleep
CloseHandle
SuspendThread
ResumeThread
CreateThread
FindFirstFileA
GetLastError
FindClose
FindNextFileA
SetPriorityClass
GetCurrentProcess
WaitForSingleObject
SetEvent
GetCurrentThread
VirtualFree
GetPriorityClass
CreateEventA
GetFileAttributesA
CreateSemaphoreA
GetEnvironmentVariableA
SetThreadPriority
CreateDirectoryA
VirtualAlloc
ResetEvent
GetLocalTime
GetExitCodeThread
WaitForMultipleObjects
GetModuleFileNameA
DeleteCriticalSection
SetThreadAffinityMask
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
DeviceIoControl
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 132.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSF_011_alpha_R3/SSFV_Encoder.dll
.dll windows:5 windows x86 arch:x86

e2e2e31677a850271788b89a1e55f9e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetStartupInfoW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CreateDirectoryA
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

Exports

Exports

GetAvarageBitrate
GetFramePerSecond
Initialize
Release
WriteFrame

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSF_011_alpha_R3/SSFV_Reader.aui
.dll windows:5 windows x86 arch:x86

d9472c4c32d344d9a71f168ef407e19c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetStartupInfoW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateDirectoryA
GetLastError
CloseHandle
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
EncodePointer
HeapFree
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

Exports

Exports

GetInputPluginTable

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSF_011_alpha_R3/ZIP_Decoder.dll
.dll windows:5 windows x86 arch:x86

3d03c6b0d38730828bcfa7d10fe59134

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

SetLastError
DeleteFileA
GetLastError
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
HeapAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
CloseHandle
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetModuleFileNameW
CreateFileA
SetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
SetEndOfFile
GetProcessHeap
CreateFileW
GetStringTypeW
LCMapStringW

Exports

Exports

DecodeFile
DecodeMemory
GetDecodeFileSize
GetFileNumber
GetRealFilename
Initialize
Release

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0082e7320cf653738ef1854b660da704

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

d3d9

d3dx9_42

ddraw

dinput8

gdi32

imm32

ole32

user32

winmm

kernel32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 633KB - Virtual size: 633KB

.data Size: 415KB - Virtual size: 132.3MB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 537KB - Virtual size: 536KB

e2e2e31677a850271788b89a1e55f9e0

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 8.4MB

.reloc Size: 26KB - Virtual size: 25KB

d9472c4c32d344d9a71f168ef407e19c

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.2MB

.reloc Size: 7KB - Virtual size: 7KB

3d03c6b0d38730828bcfa7d10fe59134

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 633KB - Virtual size: 633KB

.data
Size: 415KB - Virtual size: 132.3MB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 537KB - Virtual size: 536KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 8.4MB

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.2MB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 6KB - Virtual size: 5KB