1791e5a3fdf497e789b7a79a309843e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1791e5a3fdf497e789b7a79a309843e2_JaffaCakes118
Size

336KB
MD5

1791e5a3fdf497e789b7a79a309843e2
SHA1

4a2c76acbf693449b41938448df699e917a6b603
SHA256

c54b6a077df5789d3e5a7c66aced42b76abd1ce4b387398ffc2110444af5defb
SHA512

42f0bd91ec5c413bf5bc03db016bc4a3c4e66307bbb5009db76d4ff5968e53096d09b187168ecfd2e5dfac6dc9d6a460f010a83b4db07d408259c6269bcdf96a
SSDEEP

6144:fLXOmNMfzrX7pDzG2WWdfcYMfuXJCarRGQopYKEOg97p5Vz:fhGFDq2bdkYIuXhRzdKEvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mixplay.exe
unpack001/mp3more_decode.dll

Files

1791e5a3fdf497e789b7a79a309843e2_JaffaCakes118
.rar
mixplay.chm
.chm
mixplay.exe
.exe windows:4 windows x86 arch:x86

13c3b769e023cfd40ac1768d1db30585

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmioClose
mmioCreateChunk
mmioGetInfo
mmioDescend
mmioRead
mmioAscend
mmioOpenA
mmioSeek
mmioWrite
mmioSetInfo
waveOutGetNumDevs

dsound

ord11

mfc42

ord4129
ord2763
ord4277
ord5683
ord2567
ord3693
ord5788
ord2614
ord858
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord2405
ord1175
ord2096
ord2408
ord5860
ord6055
ord1776
ord3571
ord3573
ord4424
ord807
ord2920
ord2012
ord554
ord4163
ord1644
ord1146
ord5572
ord2915
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord2764
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord4396
ord5290
ord3402
ord3574
ord4710
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord2120
ord283
ord613
ord6880
ord289
ord2122
ord4160
ord6358
ord1088
ord1200
ord2301
ord2642
ord6199
ord6135
ord6111
ord6334
ord3873
ord4224
ord3092
ord1168
ord4083
ord5606
ord3616
ord665
ord5442
ord3318
ord5186
ord350
ord354
ord2818
ord3721
ord795
ord3797
ord2754
ord6197
ord6605
ord926
ord6170
ord3089
ord4287
ord6734
ord3716
ord790
ord4123
ord2380
ord3766
ord3920
ord5710
ord4278
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord2514
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord616
ord5943
ord2621
ord1134
ord551
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord924
ord6663
ord6215
ord4299
ord2086
ord3499
ord355
ord1924
ord3496
ord4998
ord4853
ord4376
ord5265
ord537
ord800
ord4234
ord2302
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord2863
ord2438
ord6142
ord823
ord4220
ord3654
ord2584
ord3701
ord1862
ord500
ord860
ord772
ord1574
ord686
ord535
ord1099
ord2864
ord384
ord470
ord5781
ord2859
ord2713
ord1641
ord323
ord1640
ord2414
ord5785
ord2860
ord3874
ord2243
ord540
ord755
ord5875
ord640
ord3619
ord3663
ord3626
ord5651
ord3706
ord3127
ord4078
ord4407
ord1775
ord5981
ord6052
ord6270
ord809
ord5300
ord1576

msvcrt

_filelength
_open
_setmbcp
_close
strncmp
__CxxFrameHandler
free
malloc
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
fclose
fread
fseek
fopen
sprintf
rand
calloc
_mbsstr
_controlfp
fgetc
fwrite
atoi
fprintf
clock
exit
fflush
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob

kernel32

GetStartupInfoA
GetModuleFileNameA
GetSystemDirectoryA
FileTimeToSystemTime
SetFileTime
GetLocalTime
GetFileAttributesExA
WinExec
lstrcpyA
lstrcatA
MulDiv
GlobalAlloc
GetWindowsDirectoryA
GlobalUnlock
GlobalLock
QueryPerformanceFrequency
SizeofResource
QueryPerformanceCounter
CreateThread
WaitForSingleObject
CreateEventA
FreeLibrary
LoadLibraryA
Sleep
CreateFileA
GetProcAddress
lstrcmpiA
FindResourceA
CloseHandle
LockResource
GetCPInfo
LoadResource
lstrlenA
GetVersion
lstrlenW
GetModuleHandleA
GetVersionExA

user32

SetWindowLongA
MessageBeep
PtInRect
LoadIconA
ScreenToClient
GetMessagePos
IsWindow
CopyIcon
LoadCursorA
UpdateWindow
RedrawWindow
SetTimer
DrawIcon
IsIconic
SetForegroundWindow
GetFocus
SetCapture
ReleaseCapture
DrawEdge
GetMenuItemInfoA
EnableWindow
GetWindowDC
GetWindowRect
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
GetClientRect
FrameRect
InflateRect
PostThreadMessageA
CopyImage
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
OffsetRect
KillTimer
DrawFocusRect
GetSystemMenu
SetRect

gdi32

BitBlt
GetObjectA
CreateCompatibleBitmap
CreateRectRgn
Rectangle
CreateCompatibleDC
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
PtVisible
RectVisible
SetPixel
GetPixel
TextOutA
ExtTextOutA
PatBlt
Escape
CombineRgn
GetStockObject
SetBkColor
CreateBitmap
LineTo
MoveToEx
SetViewportOrgEx
GetViewportOrgEx
FloodFill
RoundRect
ExtCreateRegion
GetDIBits
CreateICA
SetPixelV
CreateEllipticRgnIndirect
FillRgn

advapi32

RegQueryValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mp3more_decode.dll
.dll windows:4 windows x86 arch:x86

13b136d6eb78e15c4bfed9cdb0fb566d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
GlobalFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
GetProcAddress
GetModuleHandleA
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
RtlUnwind

Exports

Exports

mp3_close
mp3_init
mp3_open
mp3_play

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/Bottom1.bmp
skin/Dlg3.bmp
skin/Left1.bmp
skin/Right1.bmp
skin/Top1.bmp
skin/bottom0.bmp
skin/bottom2.bmp
skin/bottom3.bmp
skin/bottom4.bmp
skin/dlg0.bmp
skin/dlg1.bmp
skin/dlg2.bmp
skin/left0.bmp
skin/left2.bmp
skin/left3.bmp
skin/right0.bmp
skin/right2.bmp
skin/right3.bmp
skin/right4.bmp
skin/top0.bmp
skin/top2.bmp
skin/top3.bmp
skin/top4.bmp
skin/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

13c3b769e023cfd40ac1768d1db30585

Headers

File Characteristics

Imports

winmm

dsound

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

Sections

.text Size: 264KB - Virtual size: 262KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 40KB - Virtual size: 661KB

.rsrc Size: 104KB - Virtual size: 101KB

13b136d6eb78e15c4bfed9cdb0fb566d

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 24KB - Virtual size: 372KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 264KB - Virtual size: 262KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 40KB - Virtual size: 661KB

.rsrc
Size: 104KB - Virtual size: 101KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 24KB - Virtual size: 372KB

.reloc
Size: 12KB - Virtual size: 8KB