4ba7de7ff40dc61b4cf516506f754079_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4ba7de7ff40dc61b4cf516506f754079_JaffaCakes118
Size

2.3MB
MD5

4ba7de7ff40dc61b4cf516506f754079
SHA1

84cb28af0bb71a125536143634e974feb781282a
SHA256

43f47f565499efe5fb5e1547d20d10b216ac69a7a3b7a8c31d198da10106ddd5
SHA512

dbef115ecb5e51a78a0905058c979764c51ed0cf019b8c0d7e22c61a1d65de603f9c6e1bdb0d2a2fd2159ba9216b77a020d13eb0303da4e4341c2a8d0da31937
SSDEEP

49152:GCDpdUniySvmLqnwKZNOoxcxt7hp8IkrRuG1QOr1oI81DqHs7Tkcp:GCDpkiySeEw0wEcxnKIk1UOZoOUkcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nonsense Diamond-Installer.exe

Files

4ba7de7ff40dc61b4cf516506f754079_JaffaCakes118
.zip
Nonsense Diamond-Installer.exe
.exe windows:6 windows x86 arch:x86

5bedfbcb3de8b69650554643ca0eb8b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
FreeLibraryAndExitThread
SetFileAttributesW
DeleteFileW
GetVolumeInformationW
GetLogicalDriveStringsW
CloseHandle
Process32FirstW
Process32NextW
GetLastError
Sleep
CreateToolhelp32Snapshot
GetFileAttributesW
GetTempPathW
CreateDirectoryW
LocalFree
FindResourceW
LoadResource
LockResource
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetCommandLineW
SizeofResource
ReadDirectoryChangesW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
FillConsoleOutputAttribute
WriteConsoleInputW
CreateFileA
ReadConsoleInputW
FillConsoleOutputCharacterW
FormatMessageW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
SetConsoleCtrlHandler
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
LocalAlloc
lstrlenW
LocalSize
GetModuleFileNameA
LoadLibraryExA
GetEnvironmentVariableW
InitializeCriticalSectionEx
GetTempPathA
GetTempFileNameA
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
VerSetConditionMask
GetComputerNameW
VerifyVersionInfoW
FindFirstFileW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
AllocConsole
lstrcmpW
InitializeCriticalSection
DuplicateHandle
WaitForMultipleObjects
ReleaseSemaphore
VirtualAlloc
VirtualFree
LoadLibraryW
CreateThread
GetThreadPriority
SetThreadPriority
GetVersionExW
ResumeThread
CreateSemaphoreA
CreateEventA
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
GetNamedPipeHandleStateA
WaitNamedPipeW
ConnectNamedPipe
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileInformationByHandle
MoveFileExW
CopyFileW
GetModuleHandleA
LoadLibraryA
FormatMessageA
DebugBreak
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo

user32

PostMessageW
GetWindowPlacement
IsWindowVisible
AnimateWindow
SetWindowPos
GetWindowRect
SetWindowLongW
GetWindowLongW
UpdateLayeredWindow
SetCursor
MapWindowPoints
UpdateWindow
ShowWindow
GetFocus
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
DestroyIcon
KillTimer
GetParent
IsWindow
SendMessageW
InvalidateRect
GetClientRect
GetSystemMetrics
AdjustWindowRectEx
CreateWindowExW
MessageBoxW
DestroyWindow
GetWindow
EnableWindow
SetActiveWindow
LoadIconW
LoadCursorW
RegisterClassExW
PostQuitMessage
DefWindowProcW
GetCursorPos
GetDesktopWindow
MoveWindow
IsWindowEnabled
RegisterClassW
RedrawWindow
WindowFromPoint
GetWindowThreadProcessId
GetWindowTextW
ReleaseDC
ReleaseCapture
DispatchMessageW
IsWindowUnicode
SystemParametersInfoW
GetClassLongW
SetWindowsHookExW
EnumThreadWindows
EndDeferWindowPos
SetCapture
GetUpdateRect
IsRectEmpty
GetMessageTime
UnhookWindowsHookEx
GetSysColor
GetDoubleClickTime
CallMsgFilterW
IsChild
ClientToScreen
GetMonitorInfoW
SetTimer
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
SetClassLongW
GetActiveWindow
GetScrollInfo
NotifyWinEvent
SetWindowTextW
CallNextHookEx
ScreenToClient
MonitorFromWindow
GetDC
MonitorFromPoint
GetMessageExtraInfo
GetKeyState
DeferWindowPos
SetScrollInfo
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyCaret
FindWindowW
GetKeyboardLayout
CreateCaret
SetCaretPos
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
CloseClipboard
CountClipboardFormats
EnumClipboardFormats
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
LoadStringW
MessageBeep
DestroyCursor
LoadCursorFromFileA
CreateIconIndirect
GetIconInfo
DrawIconEx
MessageBoxA
GetQueueStatus
PostThreadMessageW
MsgWaitForMultipleObjects
SetWinEventHook
DispatchMessageA
MapVirtualKeyW
GetMessageA
PeekMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
SetFocus

advapi32

GetUserNameW
CryptAcquireContextA
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptReleaseContext
CryptGenRandom
RegCloseKey

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
ord74
ord727

ole32

CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
OleUninitialize
OleInitialize

urlmon

FindMimeFromData
URLDownloadToFileW

oleacc

LresultFromObject
AccessibleObjectFromWindow

uxtheme

SetWindowTheme
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
OpenThemeData

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmNotifyIME

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy

ws2_32

shutdown
WSASend
WSAIoctl
bind
WSARecvFrom
socket
WSARecv
ioctlsocket
WSASocketW
select
htons
FreeAddrInfoW
GetAddrInfoW
WSAGetLastError
setsockopt
getsockopt
WSAStartup
WSASetLastError
closesocket
listen

winmm

timeEndPeriod
timeBeginPeriod
timeSetEvent
timeGetTime
timeKillEvent
PlaySoundW

usp10

ScriptApplyDigitSubstitution
ScriptBreak
ScriptItemize
ScriptShape
ScriptPlace
ScriptFreeCache

gdi32

EndPage
GetDeviceCaps
GetStockObject
BitBlt
RestoreDC
EndDoc
SaveDC
GetClipBox
SetLayout
CreateCompatibleDC
CreateDIBSection
SelectObject
StartPage
CreateDCW
SetMapMode
SetViewportOrgEx
StartDocW
CreateBitmap
GetFontUnicodeRanges
EnumFontFamiliesExW
CreateFontW
GetObjectA
GetGlyphIndicesW
DeleteObject
GetDIBits
GetObjectW
AddFontMemResourceEx
DeleteDC

winspool.drv

ord203

comdlg32

GetSaveFileNameW
PrintDlgW
CommDlgExtendedError
GetOpenFileNameW

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SysAllocStringLen
SafeArrayCreateVector

gdiplus

GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipBitmapLockBits
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipGetCellAscent
GdipGetFontSize
GdipGetEmHeight
GdipGetCellDescent
GdipDrawString
GdipAddPathString
GdipGetFontStyle
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipDeleteFont
GdipCreateFontFromDC
GdipGetLineSpacing
GdipCreateFontFromLogfontA
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipGetSmoothingMode

wininet

InternetSetOptionW
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetErrorDlg
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 971KB - Virtual size: 971KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bedfbcb3de8b69650554643ca0eb8b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

urlmon

oleacc

uxtheme

imm32

comctl32

ws2_32

winmm

usp10

gdi32

winspool.drv

comdlg32

oleaut32

gdiplus

wininet

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 971KB - Virtual size: 971KB

.data Size: 143KB - Virtual size: 167KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 245KB - Virtual size: 244KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 971KB - Virtual size: 971KB

.data
Size: 143KB - Virtual size: 167KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 245KB - Virtual size: 244KB