b4ac566cfb5036066964bec177211e09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4ac566cfb5036066964bec177211e09_JaffaCakes118
Size

179KB
MD5

b4ac566cfb5036066964bec177211e09
SHA1

c1443a498c038b79c997c80fd45d3521dd778854
SHA256

3176f5d50a8ea7a4371ac5339956c6a1d0f1cc4d3c3f701b70bc707ad7c58f69
SHA512

2232150af61c585267ca21a8449c4d5d2e5e8341c07cbbc8ec33a98b01098e20a2fce64df2d4ad1726661147186944dbeb93cbe96ee64b633cacd62008140e2e
SSDEEP

3072:fK9v2LVfTpD5+vCIeJoXRY2pLKQlNlMuQ3ZqqoHyMhmXANBx57QVBv3TSd3tJ3q:iQHtS/zLKyM6VHrkAb41DSd3tA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
b4ac566cfb5036066964bec177211e09_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

b4ac566cfb5036066964bec177211e09_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a73b2531bfc838dc3d19df5285b8d0fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
CloseHandle
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
GlobalHandle
GlobalReAlloc
GetSystemDefaultLCID
GetVolumeInformationA
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameA
lstrcatA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GlobalLock
MulDiv

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
SetWindowLongW

gdi32

CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
CreateFontIndirectW
SetBkMode
SetTextColor

shell32

SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegDeleteValueW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA

wininet

InternetReadFile
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA

shlwapi

PathFindFileNameA
StrStrIA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 980KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/2.ico
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

25a5640a89eb79c57f60a91d10524b18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
lstrcpyW
GetFileAttributesW
lstrcmpiW
GlobalAlloc
MulDiv
lstrlenW
SetCurrentDirectoryW
GetProcessHeap
HeapAlloc
HeapReAlloc
lstrcpynW
HeapFree
GlobalFree

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetClientRect
DrawFocusRect
GetWindowLongW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharPrevW
MapDialogRect
CharNextW
SendMessageW
RemovePropW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a73b2531bfc838dc3d19df5285b8d0fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

shlwapi

iphlpapi

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 3.9MB

.ndata Size: - Virtual size: 980KB

.rsrc Size: 78KB - Virtual size: 77KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

25a5640a89eb79c57f60a91d10524b18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 454B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 3.9MB

.ndata
Size: - Virtual size: 980KB

.rsrc
Size: 78KB - Virtual size: 77KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B