80ee776d947ede3fd867de882307d9ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

80ee776d947ede3fd867de882307d9ae_JaffaCakes118
Size

3.8MB
MD5

80ee776d947ede3fd867de882307d9ae
SHA1

59e16ba41743861d75180c8030c8afc11ca181e5
SHA256

cb4b33a5ad171808f7e4a938b051f1f323ed4725083fa33e8b46d02a8c53684a
SHA512

799b4734d47a3d724fce08d67da2a7a6fe2a0778a0a4a362d7269f59bcaea2568a2a1488bd343b3fbd13d53bf92b59b4db140bab7bcbbab84a71a569f335f2de
SSDEEP

49152:ffViuazP70G2ctRoxBxRYpD8PatAjE3BAROAtyeoNjsPoaunUriQ93P9Z/Kv+9Hr:faHr2ctCt0fAt3QaunUriGZiv+ofEgzg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ISSetup.dll

Files

80ee776d947ede3fd867de882307d9ae_JaffaCakes118
.zip
0x0409.ini
ISSetup.dll
.dll regsvr32 windows:6 windows x86 arch:x86

a35e6298eec7ac5fd42405b7ed69a5dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rpcrt4

UuidCreate

winmm

sndPlaySoundW

user32

DestroyWindow

gdi32

CreatePalette

advapi32

IsValidSecurityDescriptor

shell32

SHGetFolderPathW

ole32

CoCreateInstance

oleaut32

GetErrorInfo

shlwapi

SHStrDupW

version

VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
GetScriptEngine
InstallEngineTypelib
RemoveEngineTypelib
SuiteIsFeatureInstalled
SuiteStartupInstall

Sections

.text
Size: 457KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OEM.INI
data1.cab
data1.hdr
data2.cab
layout.bin
setup.bat
setup.exe
.exe windows:5 windows x86 arch:x86

9cc314eb4f686b7ebcbd8a1e243daa7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:af:fc:ed:25:6a:92:29:6f:db:1f:e5:eb:7e:20:11
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/06/2013, 00:00

Not After

05/08/2016, 23:59

Subject

CN=CLEVO CO.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CLEVO CO.,L=SUN CHUNG,ST=TAIPEI HSIEN,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

lz32

LZOpenFileW
LZCopy
LZClose

msi

ord88
ord137
ord141
ord8
ord169

kernel32

CreateDirectoryW
FindClose
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
GetFileSize
SetFilePointer
WriteFile
RaiseException
SetErrorMode
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
CreateMutexW
CreateEventW
GetSystemTimeAsFileTime
GetSystemInfo
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrcpynW
lstrcatW
LoadLibraryW
GetPrivateProfileIntW
IsBadReadPtr
CompareStringW
CompareStringA
GetSystemDefaultLangID
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesW
HeapAlloc
VerLanguageNameW
GetProcessHeap
CopyFileW
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
lstrcpyA
GetTickCount
ExitThread
CreateThread
GetExitCodeProcess
ReadFile
GetCommandLineW
FormatMessageW
LocalFree
GetVersionExW
GetWindowsDirectoryW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
CreateFileW
FindResourceW
GlobalFree
GlobalUnlock
FreeResource
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
MulDiv
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleExW
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetSystemDirectoryW
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
TerminateProcess
ExitProcess
GetCurrentProcess
WaitForSingleObject
SetLastError
GetLastError
DuplicateHandle
RemoveDirectoryW
HeapFree
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpyW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
Sleep
CloseHandle
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
ReadConsoleW
FindNextFileW
lstrcmpW
GetCurrentThread
QueryPerformanceCounter
SearchPathW
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
VirtualProtect
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
CompareFileTime
SetFileTime
OpenProcess
GetProcessTimes
lstrlenA
GetLocalTime
GetCurrentProcessId
GetVersion
LCMapStringW
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection

user32

wsprintfW
SendMessageW
MoveWindow
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetDlgItemTextW
SetActiveWindow
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
GetWindowLongW
WaitForInputIdle
SetWindowLongW
LoadIconW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
SystemParametersInfoW
GetWindow
FillRect
GetSysColor
MapWindowPoints
RemovePropW
GetPropW
SetPropW
EndPaint
BeginPaint
EnableMenuItem
GetSystemMetrics
SetFocus
DefWindowProcW
GetMessageW
LoadStringW
LoadImageW
ReleaseDC
GetDC
CreateDialogParamW
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
CreateDialogIndirectParamW
IsWindowVisible
IsDialogMessageW
FindWindowExW
ScreenToClient
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
ExitWindowsEx
CharUpperW
wsprintfA
CallWindowProcW
CreateWindowExW
DrawIcon
DrawTextW
UpdateWindow
GetWindowDC
InvalidateRect
DrawFocusRect
CopyRect
InflateRect
EnumChildWindows
GetClassNameW
MapDialogRect
RegisterClassExW
GetDlgItemTextW
IntersectRect
MonitorFromPoint

gdi32

SetTextColor
SetBkMode
SetBkColor
SaveDC
RestoreDC
CreateSolidBrush
UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
BitBlt
GetObjectW
TranslateCharsetInfo
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateDCW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
DeleteMetaFile
CreateDIBitmap
CreateBitmap
CreateRectRgn
PatBlt
PlayMetaFile
SelectClipRgn
SetMapMode
SetMetaFileBitsEx
SetPixel
StretchBlt
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutW

advapi32

RegCreateKeyExW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenThreadToken
RegEnumKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysReAllocStringLen
GetErrorInfo
VarBstrCmp
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SysStringByteLen
SysStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
VarBstrCat
VarUI4FromStr

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

gdiplus

GdipGetImageWidth
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromResource
GdipDrawImageRectI
GdipSetInterpolationMode
GdiplusStartup
GdipGetImageHeight
GdipDeleteGraphics

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.ini
setup.inx
setup.iss

Sharing

General

Malware Config

Signatures

Files

a35e6298eec7ac5fd42405b7ed69a5dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

winmm

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 457KB - Virtual size: 1.6MB

.rsrc Size: 131KB - Virtual size: 132KB

.reloc Size: 512B - Virtual size: 512B

9cc314eb4f686b7ebcbd8a1e243daa7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

36:af:fc:ed:25:6a:92:29:6f:db:1f:e5:eb:7e:20:11Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

lz32

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

gdiplus

Sections

.text Size: 416KB - Virtual size: 416KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 305KB - Virtual size: 304KB

.text
Size: 457KB - Virtual size: 1.6MB

.rsrc
Size: 131KB - Virtual size: 132KB

.reloc
Size: 512B - Virtual size: 512B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

36:af:fc:ed:25:6a:92:29:6f:db:1f:e5:eb:7e:20:11
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 416KB - Virtual size: 416KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 305KB - Virtual size: 304KB