ade4759d7f31e6401429bceab240a7e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ade4759d7f31e6401429bceab240a7e9_JaffaCakes118
Size

823KB
MD5

ade4759d7f31e6401429bceab240a7e9
SHA1

0a8a293b903c1e7a52689eb00611126bdac49b4d
SHA256

7b2e978079bd4cc4c839b2aa64378da51217f0cbbc516a4b73c9c835a0a2944e
SHA512

d5c5f7da469170c5554d356420d8869e0feadc4e7837288d5e335181c64981da425ecacf29b74bd068f4109136acdb04ffd135e644563b4ddb6ffdca93c94e86
SSDEEP

24576:lljk8CWkUyu7yiFAcYJfHPW8pLp4l5mHkLbPOX0:Pjk8zyuGiFAZHPf9pp4w0

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VAC-Bypass-Loader.exe
unpack001/bass.dll
unpack001/onetap.dll
unpack001/onetap.exe

Files

ade4759d7f31e6401429bceab240a7e9_JaffaCakes118
.rar
VAC-Bypass-Loader.exe
.exe windows:6 windows x86 arch:x86

e083f6e28dd4bebb226ee69fb42872c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
CreateToolhelp32Snapshot
LoadLibraryA
lstrcatW
CloseHandle
LoadLibraryW
Module32FirstW
SuspendThread
VirtualAllocEx
CreateProcessW
CreateRemoteThread
Module32NextW
VirtualFreeEx
lstrcmpW
GetStartupInfoW
WaitForSingleObject
GetCommandLineW
GetProcAddress
WriteProcessMemory
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathGetArgsW

vcruntime140

_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_exit
_controlfp_s
terminate
exit
_initialize_onexit_table
_get_narrow_winmain_command_line
_cexit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_c_exit
_crt_atexit
_initterm
_initterm_e

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YSL_legit.cfg
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_IsStarted
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 119KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
legit_1.cfg
my (1).cfg
onetap.dll
.dll windows:6 windows x86 arch:x86

21f00a4b0ad00eb1bb161f738eabd9d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
Sleep
GetCurrentProcess
VirtualAlloc
DisableThreadLibraryCalls
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memmove
__std_type_info_destroy_list
memcpy
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_execute_onexit_table
_cexit
_invalid_parameter_noinfo_noreturn
_initterm
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 266KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.patch
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
onetap.exe
.exe windows:6 windows x86 arch:x86

11a43ed648c2edba75ad984050af7b2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameA
GetModuleHandleW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryA
OpenProcess
Process32Next
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAllocEx
WriteProcessMemory

user32

CreateDialogParamA
DispatchMessageA
EnableWindow
GetDesktopWindow
GetDlgItem
GetMessageA
IsDialogMessageA
IsWindow
IsWindowVisible
MessageBoxA
SetWindowTextA
ShowWindow
TranslateMessage

bass

BASS_ChannelPlay
BASS_GetVersion
BASS_Init
BASS_MusicLoad

vcruntime140

_CxxThrowException
__std_exception_copy
__std_exception_destroy
_except_handler4_common
memcmp
memcpy
memset

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
_configure_narrow_argv
_controlfp_s
_crt_atexit
_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
owned_by_king.cfg
private (1).cfg
private.cfg
semirage.cfg
x233.cfg

Sharing

General

Malware Config

Signatures

Files

e083f6e28dd4bebb226ee69fb42872c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 512B - Virtual size: 428B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 119KB - Virtual size: 328KB

.rsrc Size: 1024B - Virtual size: 4KB

Size: - Virtual size: 8KB

petite Size: 3KB - Virtual size: 3KB

21f00a4b0ad00eb1bb161f738eabd9d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 266KB - Virtual size: 268KB

.rdata Size: 15KB - Virtual size: 16KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.patch Size: 1024B - Virtual size: 1024B

11a43ed648c2edba75ad984050af7b2e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

bass

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 4B

.gfids Size: 512B - Virtual size: 80B

.rsrc Size: 167KB - Virtual size: 166KB

.reloc Size: 1024B - Virtual size: 680B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 512B - Virtual size: 428B

.rsrc
Size: 1024B - Virtual size: 4KB

petite
Size: 3KB - Virtual size: 3KB

.text
Size: 266KB - Virtual size: 268KB

.rdata
Size: 15KB - Virtual size: 16KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

.patch
Size: 1024B - Virtual size: 1024B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 4B

.gfids
Size: 512B - Virtual size: 80B

.rsrc
Size: 167KB - Virtual size: 166KB

.reloc
Size: 1024B - Virtual size: 680B