01415d1efa03f22d2b9f68ad6e975199_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01415d1efa03f22d2b9f68ad6e975199_JaffaCakes118
Size

118KB
MD5

01415d1efa03f22d2b9f68ad6e975199
SHA1

6d85acceb755a06513230c86e61c75df2234af11
SHA256

69bbf6b6b02994967bf7bf927ebc4c8b289585288842981cbb98fa5ab3d1cd59
SHA512

8d44152fc5172b5eb33b8b449654bed42a34e10bb05a6cd6bd8b86e2a5c24b9bb102d2b26c644206662358d4ed6f14c3e1b2d4da12edc4d10d1bdc55391beb4c
SSDEEP

3072:IgXdZt9P6D3XJbCGtwj+AA4aJWQdAkSIrMGP6EQr61oF:Ie344GtD5KQdvS6K61i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01415d1efa03f22d2b9f68ad6e975199_JaffaCakes118

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

01415d1efa03f22d2b9f68ad6e975199_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/w6KfwIenIa
$TEMP/w6KfwIenIa.dll
.dll windows:5 windows x86 arch:x86

1ebc5d281a20a8226c4ad98894cc4f92

Code Sign

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27
Certificate

Issuer

CN=SRPCmOYWKrd2jH33rCDi3cGUJ

Not Before

20/04/2012, 08:35

Not After

31/12/2039, 23:59

Subject

CN=SRPCmOYWKrd2jH33rCDi3cGUJ

Extended Key Usages

ExtKeyUsageCodeSigning

b5:19:a9:28:76:ea:96:24:52:3d:7b:02:7d:1d:51:eb:85:0d:ca:db
Signer

Actual PE Digest

b5:19:a9:28:76:ea:96:24:52:3d:7b:02:7d:1d:51:eb:85:0d:ca:db

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
AddAtomA
Beep
BindIoCompletionCallback
CallNamedPipeW
CloseHandle
CreateDirectoryExW
CreateFileMappingA
CreateFileW
CreateNamedPipeA
CreateProcessW
CreateRemoteThread
CreateTimerQueue
DeleteFiber
DeleteTimerQueue
DisableThreadLibraryCalls
EnumDateFormatsA
EnumLanguageGroupLocalesA
EnumSystemCodePagesW
EnumSystemLocalesW
ExitProcess
FatalExit
FindClose
FindFirstVolumeA
FindNextFileA
FindNextVolumeA
FindVolumeMountPointClose
FreeResource
GetCPInfo
GetCompressedFileSizeW
GetConsoleAliasExesA
GetConsoleAliasExesW
GetConsoleAliasesA
GetConsoleFontSize
GetCurrentProcess
GetDefaultCommConfigW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetEnvironmentStringsA
GetEnvironmentVariableA
GetFileSizeEx
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetStartupInfoW
GetSystemInfo
GetThreadContext
GetThreadPriority
lstrcatA
GetVersionExW
GlobalFindAtomA
GlobalGetAtomNameA
GlobalHandle
GlobalUnlock
Heap32ListFirst
Heap32ListNext
HeapFree
InterlockedExchange
InterlockedIncrement
LocalLock
LockResource
MapViewOfFile
Module32First
Module32FirstW
MoveFileA
MoveFileExW
PeekConsoleInputA
PeekNamedPipe
PrepareTape
ReadConsoleA
ReadFileEx
ReplaceFile
SearchPathW
SetCommState
SetCommTimeouts
SetComputerNameW
SetConsoleDisplayMode
SetConsoleScreenBufferSize
SetDefaultCommConfigW
SetEnvironmentVariableA
SetFilePointerEx
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetThreadPriorityBoost
SuspendThread
SystemTimeToFileTime
TlsSetValue
UpdateResourceA
VirtualQuery
WaitForDebugEvent
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleOutputCharacterA
WritePrivateProfileSectionW
WriteProfileStringW
_lwrite
lstrcatW
lstrcpy
lstrcpynA
lstrlenW
CreateFileA
GetTimeZoneInformation
VirtualAllocEx

user32

SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetMenuItemInfoW
SetMessageExtraInfo
SetMessageQueue
SetParent
SetProcessDefaultLayout
SetPropA
SetPropW
SetScrollPos
SetScrollRange
SetSysColors
SetTimer
SetUserObjectInformationW
SetUserObjectSecurity
SetWinEventHook
SetWindowLongA
SetWindowTextA
SetWindowWord
SetWindowsHookA
SetWindowsHookExW
ShowWindowAsync
SwapMouseButton
TabbedTextOutA
TileWindows
ToAscii
ToUnicodeEx
TrackPopupMenu
TrackPopupMenuEx
UnhookWinEvent
UnpackDDElParam
UnregisterClassA
UpdateLayeredWindow
UpdateWindow
UserHandleGrantAccess
ValidateRgn
VkKeyScanA
WINNLSGetIMEHotkey
WaitForInputIdle
WaitMessage
WinHelpA
WinHelpW
mouse_event
wvsprintfA
wvsprintfW
SetDlgItemTextW
SetDlgItemTextA
SetClipboardViewer
SetClassWord
SendNotifyMessageW
SendNotifyMessageA
SendMessageTimeoutA
SendMessageA
ScrollDC
ReuseDDElParam
RemovePropW
ReleaseDC
RegisterDeviceNotificationW
RedrawWindow
PtInRect
PostMessageW
PostMessageA
PackDDElParam
OpenWindowStationA
OpenInputDesktop
OffsetRect
OemToCharBuffW
OemToCharA
OemKeyScan
NotifyWinEvent
MonitorFromPoint
MessageBoxIndirectA
MapVirtualKeyExA
LookupIconIdFromDirectoryEx
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageA
LoadIconW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowVisible
IsRectEmpty
IsDlgButtonChecked
IsDialogMessageA
IsDialogMessage
IsCharUpperA
IsCharLowerW
IsCharLowerA
InvertRect
InvalidateRgn
InternalGetWindowText
InsertMenuW
InsertMenuItemW
ImpersonateDdeClientWindow
IMPQueryIMEW
IMPGetIMEW
IMPGetIMEA
HideCaret
GrayStringW
GetWindowWord
GetWindowTextLengthA
GetWindowLongA
GetWindowContextHelpId
GetWindow
GetUserObjectSecurity
GetSysColorBrush
GetSysColor
GetScrollRange
GetQueueStatus
GetPropW
GetPriorityClipboardFormat
GetParent
GetNextDlgGroupItem
GetMonitorInfoA
GetMessageExtraInfo
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuDefaultItem
GetMenuContextHelpId
GetMenuBarInfo
GetListBoxInfo
GetLastActivePopup
GetKeyboardType
GetKeyboardState
GetKeyboardLayoutList
GetKeyState
GetKeyNameTextA
GetKBCodePage
GetInputState
GetIconInfo
GetGUIThreadInfo
GetDlgItemTextA
GetDlgItem
GetCursorPos
GetCursorInfo
GetCursor
GetClipboardViewer
GetClipboardSequenceNumber
GetClipboardFormatNameA
GetCaretBlinkTime
GetAsyncKeyState
GetAncestor
GetAltTabInfo
GetActiveWindow
FreeDDElParam
FrameRect
FindWindowExW
ExitWindowsEx
EqualRect
EnumThreadWindows
EnumPropsW
EnumPropsA
EnumDisplayDevicesW
EnumDesktopWindows
EnumChildWindows
EndTask
EnableScrollBar
EmptyClipboard
DrawTextW
DrawStateW
DrawIconEx
DrawFrameControl
DrawCaption
DrawAnimatedRects
DragDetect
DlgDirSelectExW
DlgDirSelectExA
DlgDirListW
DlgDirListComboBoxA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DialogBoxIndirectParamW
DestroyWindow
DestroyIcon
DeregisterShellHookWindow
DefMDIChildProcA
DefFrameProcW
DdeUnaccessData
DdeReconnect
DdeInitializeW
DdeInitializeA
DdeImpersonateClient
DdeFreeDataHandle
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeCmpStringHandles
DdeAccessData
DdeAbandonTransaction
CreateWindowStationA
CreateMDIWindowW
CreateIconFromResourceEx
CreateIcon
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateCursor
CreateCaret
CountClipboardFormats
CopyImage
CopyIcon
CopyAcceleratorTableA
CloseDesktop
ClientToScreen
ChildWindowFromPointEx
CharUpperW
CharUpperBuffW
CharUpperBuffA
CharPrevA
CharNextA
CharLowerW
ChangeMenuW
ChangeMenuA
ChangeDisplaySettingsExW
ChangeDisplaySettingsA
CascadeChildWindows
CallWindowProcA
CallNextHookEx
CallMsgFilterW
CallMsgFilter
BringWindowToTop
BlockInput
AppendMenuW
AppendMenuA
AllowSetForegroundWindow
AdjustWindowRectEx
AdjustWindowRect
LoadStringW

advapi32

RegOpenKeyW
RegCloseKey

shlwapi

UrlUnescapeW
UrlIsW
UrlIsOpaqueW
UrlIsOpaqueA
UrlIsNoHistoryW
UrlIsNoHistoryA
UrlIsA
UrlHashA
UrlGetLocationA
UrlEscapeW
UrlEscapeA
UrlCreateFromPathW
UrlCreateFromPathA
UrlCompareA
UrlCombineW
UrlCanonicalizeW
UrlApplySchemeW
StrTrimW
StrToIntW
StrToIntExA
StrStrIW
StrStrIA
StrStrA
StrRetToStrW
StrRetToStrA
StrRetToBufW
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrA
StrPBrkW
StrPBrkA
StrFromTimeIntervalW
StrFormatKBSizeA
StrFormatByteSizeA
StrFormatByteSize64A
wnsprintfA
StrCpyW
StrCmpW
StrCmpNW
StrCmpNIW
StrCmpNIA
StrCmpIW
StrChrIW
StrChrIA
StrChrA
StrCatW
StrCatBuffW
StrCatBuffA
StrCSpnW
StrCSpnIW
StrCSpnIA
StrCSpnA
SHSkipJunction
SHSetValueA
SHSetThreadRef
SHRegWriteUSValueW
SHRegSetUSValueW
SHRegSetUSValueA
SHRegSetPathA
SHRegQueryUSValueW
SHRegQueryUSValueA
SHRegQueryInfoUSKeyW
SHRegQueryInfoUSKeyA
SHRegOpenUSKeyW
SHRegGetUSValueA
SHRegGetPathW
SHRegGetPathA
SHRegGetBoolUSValueW
SHRegGetBoolUSValueA
SHRegEnumUSValueW
SHRegEnumUSKeyW
SHRegEnumUSKeyA
SHRegDuplicateHKey
SHRegDeleteUSValueW
SHRegDeleteUSValueA
SHRegDeleteEmptyUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegCreateUSKeyW
SHRegCloseUSKey
SHQueryValueExW
SHQueryInfoKeyW
SHOpenRegStreamW
SHOpenRegStreamA
SHOpenRegStream2A
SHIsLowMemoryMachine
SHGetInverseCMAP
SHEnumValueW
SHEnumKeyExA
SHDeleteValueW
SHDeleteKeyA
SHDeleteEmptyKeyW
SHDeleteEmptyKeyA
SHCopyKeyA
PathUnquoteSpacesA
PathUnmakeSystemFolderW
PathUnmakeSystemFolderA
PathUndecorateW
PathUnExpandEnvStringsW
PathUnExpandEnvStringsA
PathStripToRootA
PathStripPathA
PathSkipRootA
PathSetDlgItemPathW
PathSetDlgItemPathA
PathSearchAndQualifyW
PathRenameExtensionA
PathRemoveExtensionW
PathRemoveExtensionA
PathRemoveBlanksW
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveArgsW
PathRelativePathToW
PathQuoteSpacesW
PathQuoteSpacesA
PathMatchSpecA
PathMakeSystemFolderW
PathMakeSystemFolderA
PathIsURLW
PathIsURLA
PathIsUNCW
PathIsUNCServerShareW
PathIsUNCServerShareA
PathIsUNCServerA
PathIsUNCA
PathIsSameRootW
PathIsSameRootA
PathIsRootW
PathIsRootA
PathIsRelativeW
PathIsLFNFileSpecW
PathIsLFNFileSpecA
PathIsFileSpecA
PathIsDirectoryEmptyW
PathIsDirectoryEmptyA
PathIsDirectoryA
PathIsContentTypeW
PathIsContentTypeA
PathGetDriveNumberW
PathGetDriveNumberA
PathGetCharTypeW
PathGetCharTypeA
PathGetArgsA
PathFindSuffixArrayW
PathFindSuffixArrayA
PathFindOnPathW
PathFindOnPathA
PathFindNextComponentW
PathFindNextComponentA
PathFindFileNameW
PathFindExtensionW
PathFindExtensionA
PathFileExistsW
PathFileExistsA
PathCreateFromUrlW
PathCreateFromUrlA
PathCompactPathW
PathCompactPathExW
PathCompactPathExA
PathCommonPrefixW
PathCombineA
PathCanonicalizeW
PathCanonicalizeA
PathAppendW
PathAppendA
PathAddExtensionW
PathAddExtensionA
PathAddBackslashW
PathAddBackslashA
IntlStrEqWorkerW
IntlStrEqWorkerA
HashData
ColorRGBToHLS
ChrCmpIW
ChrCmpIA
AssocQueryStringW
AssocQueryStringByKeyW
AssocQueryStringByKeyA
AssocQueryStringA
AssocCreate
wvnsprintfA
wvnsprintfW
StrDupA

Sections

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

1ebc5d281a20a8226c4ad98894cc4f92

Code Sign

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27Certificate

Extended Key Usages

b5:19:a9:28:76:ea:96:24:52:3d:7b:02:7d:1d:51:eb:85:0d:ca:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

69:14:03:d2:f1:f4:1a:87:47:93:ce:31:cf:8c:f6:27
Certificate

b5:19:a9:28:76:ea:96:24:52:3d:7b:02:7d:1d:51:eb:85:0d:ca:db
Signer

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 3KB - Virtual size: 2KB