af34546979079042a99b99b5613ad26b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af34546979079042a99b99b5613ad26b_JaffaCakes118
Size

655KB
MD5

af34546979079042a99b99b5613ad26b
SHA1

0586e39201deceda81e2ff802b767ac31149add6
SHA256

b7061cc4e086acb685a6b5d704c1cd61f7a1a673087bbc52a3b184391afdabfd
SHA512

929aeb077c1dc8ab75bc1669ee5eca6c34802e3b9b189f3d88a3144c1659f9040ccc653f9a23c968f3833ea98868eaebf9111168f7a93e54a757a9f9057fb63c
SSDEEP

12288:cbZAMZmrh0KjtxuD6A+3JFNU8eB+9w8qZtlYIdSh17b9Xuz3l5SplLo5aIgFlh2Y:ct4TJxXA+ZrUbB+9JEtSh1X9XO184khz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/69beb78c8b8de1a86677e27c531c92cb5ca70807d2755b94f70a75887fbc90cf_advnetcfg.ocx
unpack001/7d5ad688d1cdb34f8ee694e60b9d47e894c879f23218c5c29a19a514030e706d_nteps32.ocx

Files

af34546979079042a99b99b5613ad26b_JaffaCakes118
.zip

Password: infected
029bcd72dc2ca4b31778cf4ee086038d8bd6c59ed2ed485e247aed56f909f881_boot32drv.sys
69beb78c8b8de1a86677e27c531c92cb5ca70807d2755b94f70a75887fbc90cf_advnetcfg.ocx
.dll windows:4 windows x86 arch:x86

3aeffff1a896499847d0e973226a7948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameW
GetCurrentThreadId
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableW
SetLastError
InterlockedDecrement
InterlockedIncrement
SetEvent
GetCurrentProcessId
ResetEvent
CreateEventW
OpenEventW
SuspendThread
ResumeThread
TerminateThread
OpenThread
GetExitCodeThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetVersionExA
Sleep
OpenMutexW
CloseHandle
CreateMutexA
CreateMutexW
ReleaseMutex
IsBadReadPtr
GetSystemDirectoryW
lstrcpynW
GetModuleFileNameW
ExitThread
ProcessIdToSessionId
CreateFileMappingW
lstrcpynA
GetVersion
HeapAlloc
lstrcatW
HeapFree
GetProcessHeap
SetErrorMode
GetSystemTimeAsFileTime
SetFileTime
WriteFile
ReadFile
CreateFileW
GetFullPathNameW
FlushFileBuffers
GetFileSize
FileTimeToLocalFileTime
GetFileInformationByHandle
FindFirstFileW
FindClose
SetFilePointer
SetFileAttributesW
SetEndOfFile
LocalFileTimeToFileTime
GetFileTime
LocalFree
GetSystemTime
SystemTimeToFileTime
GetTickCount
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
TerminateProcess
DeleteFileW
CreateProcessW
CopyFileW
GetLongPathNameW
RemoveDirectoryW
GetExitCodeProcess
MoveFileExW
VirtualAllocEx
SearchPathW
OpenProcess
GetModuleHandleA
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetWindowsDirectoryW
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
DuplicateHandle
UnmapViewOfFile
FreeLibrary
lstrlenA
IsBadStringPtrA
lstrcmpiA
VirtualQueryEx
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
GetThreadContext
SetThreadContext
QueueUserAPC
WaitForMultipleObjectsEx
MapViewOfFile
OpenFileMappingW
FindNextFileW
Thread32First
Thread32Next
CreateToolhelp32Snapshot
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
GetCommandLineA
CreateThread
GetCurrentThread
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSection
RtlUnwind
GetLocaleInfoA
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

DisableTBS
EnableTBS
UpdateTBSList

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7d5ad688d1cdb34f8ee694e60b9d47e894c879f23218c5c29a19a514030e706d_nteps32.ocx
.dll windows:4 windows x86 arch:x86

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
TerminateThread
SuspendThread
ResumeThread
OpenThread
GetExitCodeThread
InterlockedIncrement
GetCurrentThreadId
SetErrorMode
SetFilePointer
FindClose
CloseHandle
SetEndOfFile
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFileAttributesW
GetFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
ReadFile
GetFullPathNameW
CreateFileW
FlushFileBuffers
GetFileSize
GetLastError
FindFirstFileW
SetEnvironmentVariableW
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEvent
ResetEvent
CreateEventW
OpenEventW
LocalFree
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetVersionExA
SetLastError
OpenMutexW
CreateMutexA
CreateMutexW
ReleaseMutex
ExitThread
GetVersion
ProcessIdToSessionId
CreateFileMappingW
lstrcatW
lstrcpynA
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetSystemDirectoryW
lstrcpynW
GetModuleFileNameW
SystemTimeToFileTime
GetSystemTime
SetThreadContext
QueueUserAPC
GetThreadContext
RemoveDirectoryW
GetExitCodeProcess
MoveFileExW
GetShortPathNameW
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
TerminateProcess
DeleteFileW
CreateProcessW
CopyFileW
GetLongPathNameW
OpenProcess
VirtualAllocEx
SearchPathW
lstrlenA
IsBadStringPtrA
lstrcmpiA
GetModuleHandleA
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
VirtualQueryEx
UnmapViewOfFile
FreeLibrary
DuplicateHandle
WaitForMultipleObjectsEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
MapViewOfFile
OpenFileMappingW
FindNextFileW
Thread32First
Thread32Next
CreateToolhelp32Snapshot
CreateEventA
WaitForMultipleObjects
lstrlenW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
GetCommandLineA
CreateThread
RtlUnwind
GetCurrentThread
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSection
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CreateABHList
CreatePGHDict
DisableDLV
DisableOFR
DisableSHR
EnableDLV
EnableOFR
EnableSHR
FreeABHData
GetSML
GetWPF
ReadVBInfo
RestoreSMLData
WriteVBInfo

Sections

.text
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3aeffff1a896499847d0e973226a7948

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 36KB - Virtual size: 35KB

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 546KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 32KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 548KB - Virtual size: 546KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 32KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 48KB - Virtual size: 45KB