0b5ce03a0addb5c91531d24ab738dce2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b5ce03a0addb5c91531d24ab738dce2_JaffaCakes118
Size

2.0MB
MD5

0b5ce03a0addb5c91531d24ab738dce2
SHA1

afadb4ffd0371c7366d8ae852eeaa4e6ad633969
SHA256

af04f2e20b91a0f815aa259bea56b646b21f5935cc2326ebc64e9e0b3ced77c9
SHA512

1ed1e334e12cbc2f0d266690196cbb7f954f358945d351b2737602e898b7f55d073e4be5754e22fbe23c84678a8edf81d671af12c66ed79ee97480ac8b884d9c
SSDEEP

49152:DQzOEKmoolJIhhj8HYNu2avLL5qARKzOAEEiY1BXzIhhhNVW3fSrKN4b:szFoz7VmLJgz57BszgvvA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Wisk.Exe
unpack001/metaphase2/misc/nasty-tricks.exe
unpack009/Wisk.Exe
unpack001/misc/nasty-tricks.exe

Files

0b5ce03a0addb5c91531d24ab738dce2_JaffaCakes118
.zip
file_id.diz
meta2.hlp
meta2.mid
metaphase2/file_id.diz
metaphase2/meta2.hlp
metaphase2/meta2.mid
metaphase2/misc/WISK-1.1k.zip
.zip
WISK.HLP
Wisk.Exe
.exe windows:4 windows x86 arch:x86

ccb997a47651d221ad88584262ff8f20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord648
ord100
ord199
ord599

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
metaphase2/misc/boom-1.1k.zip
.zip
boom.diz
boom.exe
boom.txt
metaphase2/misc/eat.tar.gz
.gz
eat.tar
.tar
BUGS
INSTALL
Makefile
README
TABLES
TODO
eheader.c
pheader.c
sheader.c
metaphase2/misc/nasty-tricks.exe
.exe windows:4 windows x86 arch:x86

f4e99281436bc7fdb3ae20b23962ff98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
FindExecutableA

user32

DefWindowProcA
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
SetWindowWord
GetWindowWord
RegisterClassA
OemToCharA
CharToOemA
OemToCharBuffA
LoadCursorA
DestroyWindow
SetWindowTextA
SendMessageA
EnableWindow
PostMessageA
GetLastActivePopup
ShowWindow
CharNextA
SetTimer
KillTimer
DialogBoxIndirectParamA
GetWindowRect
GetSystemMetrics
EndDialog
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA
SetCursor
SetWindowPos
GetDlgItemTextA

kernel32

lstrlenA
_lopen
_lclose
CreateDirectoryA
lstrcatA
RtlUnwind
lstrcmpA
GetCommandLineA
GetModuleHandleA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
lstrcmpiA
GetWindowsDirectoryA
GetEnvironmentVariableA
LocalAlloc
LocalFree
GlobalUnlock
GlobalHandle
GlobalFree
GlobalAlloc
GlobalLock
WinExec
_llseek
GetDriveTypeA
_lread
_lwrite
GetVolumeInformationA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
LocalFileTimeToFileTime
_lcreat
SetFileTime
DosDateTimeToFileTime
lstrcpyA

gdi32

SetTextColor
SetTextAlign
GetTextExtentPoint32A
GetBkColor
DeleteObject
SetBkColor
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

advapi32

RegQueryValueA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
metaphase2/misc/pmg-1-1k.zip
.zip
ex.exe
pmg.diz
pmg.ex_
readme.tx_
setup.exe
metaphase2/misc/tma.zip
.zip
tma/ak.jpg
.jpg
tma/file.diz
tma/kitten.jpg
.jpg
tma/pretty.gif
.gif
tma/tma.html
.html .js polyglot
metaphase2/misc/win32.Butteflies.zip
.zip
bf.ico
make.bat
worm.asm
worm.rc
misc/WISK-1.1k.zip
.zip
WISK.HLP
Wisk.Exe
.exe windows:4 windows x86 arch:x86

ccb997a47651d221ad88584262ff8f20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord648
ord100
ord199
ord599

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
misc/boom-1.1k.zip
.zip
misc/eat.tar.gz
.gz
misc/nasty-tricks.exe
.exe windows:4 windows x86 arch:x86

f4e99281436bc7fdb3ae20b23962ff98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
FindExecutableA

user32

DefWindowProcA
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
SetWindowWord
GetWindowWord
RegisterClassA
OemToCharA
CharToOemA
OemToCharBuffA
LoadCursorA
DestroyWindow
SetWindowTextA
SendMessageA
EnableWindow
PostMessageA
GetLastActivePopup
ShowWindow
CharNextA
SetTimer
KillTimer
DialogBoxIndirectParamA
GetWindowRect
GetSystemMetrics
EndDialog
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA
SetCursor
SetWindowPos
GetDlgItemTextA

kernel32

lstrlenA
_lopen
_lclose
CreateDirectoryA
lstrcatA
RtlUnwind
lstrcmpA
GetCommandLineA
GetModuleHandleA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
lstrcmpiA
GetWindowsDirectoryA
GetEnvironmentVariableA
LocalAlloc
LocalFree
GlobalUnlock
GlobalHandle
GlobalFree
GlobalAlloc
GlobalLock
WinExec
_llseek
GetDriveTypeA
_lread
_lwrite
GetVolumeInformationA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
LocalFileTimeToFileTime
_lcreat
SetFileTime
DosDateTimeToFileTime
lstrcpyA

gdi32

SetTextColor
SetTextAlign
GetTextExtentPoint32A
GetBkColor
DeleteObject
SetBkColor
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

advapi32

RegQueryValueA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
misc/pmg-1-1k.zip
.zip
misc/tma.zip
.zip

Sharing

General

Malware Config

Signatures

Files

ccb997a47651d221ad88584262ff8f20

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 102KB - Virtual size: 104KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f4e99281436bc7fdb3ae20b23962ff98

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 146B

.data Size: 3KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

ccb997a47651d221ad88584262ff8f20

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 102KB - Virtual size: 104KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f4e99281436bc7fdb3ae20b23962ff98

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 146B

.data Size: 3KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 102KB - Virtual size: 104KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 146B

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 102KB - Virtual size: 104KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 146B

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB