9f55360bfd9792bf36ddbf0004e4224c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9f55360bfd9792bf36ddbf0004e4224c_JaffaCakes118
Size

2.7MB
MD5

9f55360bfd9792bf36ddbf0004e4224c
SHA1

1c74ad7f538c53827a64bd4dc3bff45dbeac0292
SHA256

c7d4ea07ab93619fc38c7ee96dd3136ed6a5febfbbd030bbeac61220a870a316
SHA512

433eb4c48e852919227a61971962d2cc6c63e05a0930883b4dcfce751f9893d4ccc259b54e4f7de01730889eee9379707a0d1f081cd1e3db0df0adc7fe13cfe7
SSDEEP

49152:2D1nK2uReaVoPLkriqBK8kyvC9Bu9Iu7FoneAMLIiI1KJ7NuEZrt62bOa+JLLt5:2pK2+PooK8k39BuSKAMLIiI0hFZp+Jt5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hiss852/Client85/SetupClt85.exe
unpack001/Hiss852/Client85/hss8.exe
unpack001/Hiss852/Client85/hwd2.dll

Files

9f55360bfd9792bf36ddbf0004e4224c_JaffaCakes118
.zip
Hiss852/Client85/SetupClt85.exe
.exe windows:4 windows x86 arch:x86

993380419e803e24732eb9ce6cbc6de4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

ws2_32

inet_ntoa
WSAStartup
WSACleanup
WSACreateEvent
WSAGetLastError
socket
gethostbyname
inet_addr
htons
connect
ntohs

iphlpapi

GetTcpTable
NotifyAddrChange

winmm

waveOutGetDevCapsA
waveOutSetVolume
waveOutGetNumDevs

userenv

LoadUserProfileA

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

GetFileSize
GetThreadLocale
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToLocalFileTime
GetFileTime
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
SetEndOfFile
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetProcessHeap
GetStartupInfoA
ExitThread
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetModuleFileNameW
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
FreeResource
SetLastError
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GetComputerNameA
DosDateTimeToFileTime
FileTimeToSystemTime
SetSystemTime
InterlockedDecrement
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
MoveFileA
GetCurrentProcess
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateThread
WaitForSingleObject
GetTickCount
GetExitCodeThread
GetCurrentProcessId
OpenProcess
TerminateProcess
GetExitCodeProcess
Beep
Sleep
WideCharToMultiByte
CreateThread
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA
GetWindowsDirectoryA
DeleteFileA
CreateMutexA
GetLastError
WinExec
ExitProcess
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
lstrlenA
GetCommandLineA
TlsAlloc

user32

CharNextA
SetCapture
LoadCursorA
ReleaseCapture
GetSysColorBrush
UnregisterClassA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SendDlgItemMessageA
RegisterWindowMessageA
GetSysColor
EndPaint
GetMessagePos
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
WaitMessage
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowPos
WindowFromPoint
ScreenToClient
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
ExitWindowsEx
ActivateKeyboardLayout
GetKeyboardLayout
CharUpperA
MessageBoxA
CloseWindow
GetClientRect
BlockInput
SetWindowsHookExA
UnhookWindowsHookEx
SystemParametersInfoA
GetWindowLongA
SetCursorPos
PeekMessageA
wsprintfA
LoadImageA
GetSystemMetrics
IsWindow
GetWindowThreadProcessId
LoadIconA
EnableWindow
SendMessageA
GetForegroundWindow
GetWindow
FindWindowA
KillTimer
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetTopWindow
GetMessageTime
SetTimer
InvalidateRect
GetWindowRect
IsIconic
FillRect
GetKeyState
CallNextHookEx
GetDesktopWindow
GetDC
MapWindowPoints
BeginPaint
SetActiveWindow

gdi32

TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
PtVisible
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteObject
CreateSolidBrush
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetTokenInformation
OpenServiceA
DeleteService
CreateServiceA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoTaskMemAlloc
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString

oleaut32

VariantClear
OleCreateFontIndirect
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
VariantTimeToDosDateTime
SysFreeString
SysAllocString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

wsock32

send
WSAAsyncSelect
recvfrom
sendto
WSASetLastError
select
accept
recv
closesocket

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hiss852/Client85/hss8.exe
.exe windows:4 windows x86 arch:x86

6e4577bcc7a9ed5ee3999cd66200f3b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetProfileStringA
GetFileTime
GetFileSize
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SizeofResource
GetProcessVersion
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrcpynA
MulDiv
InterlockedDecrement
LoadLibraryA
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
SetLastError
FreeLibrary
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
ExitProcess
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CloseHandle
GetModuleFileNameA
lstrlenA
Sleep
CreateMutexA
GetLastError
GetStdHandle

user32

CopyRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
InvalidateRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
KillTimer
WaitMessage
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
EnableWindow
WindowFromPoint
LoadIconA
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
PostMessageA
SetCursorPos
GetWindowRect
GetCursorPos
GetDesktopWindow
GetDC
wsprintfA
SetTimer
IsIconic
GetWindowTextLengthA
GetSystemMetrics
GetClientRect
DrawFocusRect
DefDlgProcA
InflateRect
CharNextA
IsWindowUnicode
DrawIcon
GetWindowTextA

gdi32

GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
BitBlt
GetDIBits
GetObjectA
DeleteDC
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SelectObject
CreateDIBitmap
PatBlt
GetTextExtentPointA
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

wsock32

bind
htons
htonl
closesocket
recv
send
WSAAsyncSelect
inet_ntoa
ioctlsocket
recvfrom
sendto
connect
WSAGetLastError
WSASetLastError
WSAStartup
WSACleanup
listen
accept
socket

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hiss852/Client85/hwd2.dll
.exe windows:4 windows x86 arch:x86

fc4011ff39a6bfd79c310158c15e1f8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
CreateProcessA
GetCommandLineA
ExitProcess
GetTickCount
WaitForSingleObject
Sleep
WinExec
CloseHandle
GetModuleFileNameA
GetFileAttributesA
HeapSize
ReadFile
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetWindowsDirectoryA
CopyFileA
OpenProcess
TerminateProcess
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
RtlUnwind
GetProcAddress
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
CreateFileA
LoadLibraryA
LCMapStringA
LCMapStringW

user32

SystemParametersInfoA
GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassExA
PostQuitMessage
DefWindowProcA
CreateWindowExA
SetTimer
wsprintfA
GetWindowThreadProcessId
FindWindowA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
GetUserNameA
StartServiceCtrlDispatcherA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hiss852/Server852/SetupServer852.msi
.msi

Sharing

General

Malware Config

Signatures

Files

993380419e803e24732eb9ce6cbc6de4

Headers

File Characteristics

Imports

wininet

ws2_32

iphlpapi

winmm

userenv

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wsock32

Sections

.text Size: 312KB - Virtual size: 309KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 16KB - Virtual size: 49KB

.rsrc Size: 84KB - Virtual size: 82KB

6e4577bcc7a9ed5ee3999cd66200f3b3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

wsock32

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 32KB

.rsrc Size: 12KB - Virtual size: 11KB

fc4011ff39a6bfd79c310158c15e1f8f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 16KB - Virtual size: 49KB

.rsrc
Size: 84KB - Virtual size: 82KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B