7e8613a5c311ebe71845e85eb5d9c257_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7e8613a5c311ebe71845e85eb5d9c257_JaffaCakes118
Size

3.6MB
MD5

7e8613a5c311ebe71845e85eb5d9c257
SHA1

05e82b4303d78bdee3bbc59a94245ff6b95ffc62
SHA256

ca1312148411e3e4aedb238c373baa549bd687ea5245e9be1b3652a3a45fe408
SHA512

51bb4f5e79060045803a4276b8c0336c2b5e087105bbd0788f5e5032a2620e8cf1c13544c6e408840547497d5eb074f4032184e8c7362bc1ff3ff46eb4c12909
SSDEEP

98304:BdE1UK50vy2YPlpApxGh5ZY1j9wB4AZ/BtDelJ4VWj:el6vy2AlOzG3ZcqB4UA4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7e8613a5c311ebe71845e85eb5d9c257_JaffaCakes118
unpack001/$TEMP/scratch/s2exe.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

7e8613a5c311ebe71845e85eb5d9c257_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55f3dfd13c0557d3e32bcbc604441dd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/health.sb
$TEMP/scratch/open.fnr
$TEMP/scratch/s2exe.exe
.exe windows:4 windows x86 arch:x86

b90eea811d21ff2e6884ff0e58cc2183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
IsBadWritePtr
lstrlenW
FatalAppExitA
DebugBreak
lstrcpyW
FindResourceA
FreeResource
LoadResource
GetCurrentProcess
SizeofResource
GetConsoleWindow
LockResource
CloseHandle
CreateFileA
ReadFile
VirtualFree
FreeLibrary
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
GetProcAddress
VirtualAlloc
VirtualAllocEx
LoadLibraryA
GetSystemInfo
GetCurrentThreadId
WriteProcessMemory
GetFileSize
SetFilePointer
WriteFile
Sleep
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformation
GetCurrentThread
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
OpenThread
GetExitCodeThread
DeleteCriticalSection
SuspendThread
ResumeThread
AllocConsole
ReadConsoleA
FlushConsoleInputBuffer
SetConsoleMode
SetConsoleTitleA
GetStdHandle
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
VirtualProtect
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
GetFullPathNameA
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
DuplicateHandle
MoveFileA
CreateProcessA
DeleteFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LCMapStringW
LoadLibraryW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetDriveTypeW
CompareStringW
IsProcessorFeaturePresent
CreatePipe
GetExitCodeProcess
HeapSize
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
GetFileAttributesA
LocalFree
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
GetModuleFileNameA
GetModuleHandleA
IsBadReadPtr
SetErrorMode

user32

WinHelpA
IsWindowVisible
IsWindow
RegisterClassA
CallWindowProcA
MapWindowPoints
EqualRect
GetActiveWindow
ShowWindow
LoadIconA
SetWindowPos
CreateWindowExA
DefWindowProcA
GetSystemMenu
SetActiveWindow
IsIconic
ModifyMenuA
GetWindowThreadProcessId
GetMessageA
TranslateMessage
PeekMessageA
DispatchMessageA
SetForegroundWindow
SetWindowRgn
GetWindowRect
wsprintfA
SetFocus
OffsetRect
IntersectRect
MessageBoxA
GetWindowLongA
GetClientRect

ole32

OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemAlloc
OleCreate
OleSetContainedObject
StringFromIID
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoRevokeClassObject
MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoLockObjectExternal
StringFromCLSID
OleInitialize
OleUninitialize
CoTaskMemFree

shlwapi

StrFormatByteSize64A
SHDeleteKeyA

gdi32

SetWindowOrgEx
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
SetViewportExtEx
SetViewportOrgEx
SetMapMode

advapi32

RegEnumKeyExA
RegQueryValueExA
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

oleaut32

GetActiveObject
VariantInit
VariantCopyInd
VariantClear
LoadTypeLibEx
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
LHashValOfNameSys
SafeArrayCreateVector
VariantTimeToSystemTime
SafeArrayAccessData
VariantCopy
SafeArrayDestroy
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
VariantChangeType
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPutElement
DispGetIDsOfNames
UnRegisterTypeLi

Sections

.text
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55f3dfd13c0557d3e32bcbc604441dd3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 39KB - Virtual size: 38KB

b90eea811d21ff2e6884ff0e58cc2183

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

shlwapi

gdi32

advapi32

oleaut32

Sections

.text Size: 490KB - Virtual size: 490KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 285KB - Virtual size: 284KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 490KB - Virtual size: 490KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 285KB - Virtual size: 284KB