19b6c7d8bb9a39864d9cf8da3103895b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

19b6c7d8bb9a39864d9cf8da3103895b_JaffaCakes118
Size

124KB
MD5

19b6c7d8bb9a39864d9cf8da3103895b
SHA1

bf16d118c42fce92d272a9c1cdce0c72d27fc1ca
SHA256

9bd4e93765128b85a33a028d886f933985a40b909a10c5020b4c84a544e2b1fa
SHA512

2fd2f8f72f972e7bb689c708f7ae6ae47323cfb91c53b7e75126c3f438bf16827f689dd2fa02e5b1f636f85c7f24b03ec8267034e3bfee8fa60e75cdd21ef813
SSDEEP

1536:TJDRGEnje/zRGYxV9K4Sqq/XMxkPUJgT1OeqSv31oDsj8iqvpZJVO0tyDVXd4MlA:3AzFX9SFPM6MJe1OeHqvvjUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup_iesuper.exe
unpack002/ies_uni.exe
unpack002/iesuper.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/setup_iesuper.exe	nsis_installer_1

Files

19b6c7d8bb9a39864d9cf8da3103895b_JaffaCakes118
.rar
setup_iesuper.exe
.exe windows:4 windows x86 arch:x86

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ies_uni.exe
.exe windows:4 windows x86 arch:x86

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/DIALOG/102
.rsrc/DIALOG/103
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/107
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/ICON/2.ico
.rsrc/ICON/3.ico
.rsrc/ICON/4.ico
.rsrc/ICON/5.ico
.rsrc/MANIFEST/1
.xml
.text
iesuper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

11dec027e5d4219a73b49d3772b8b40e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

CoInternetCombineUrl
ObtainUserAgentString

wininet

InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
FtpOpenFileW
HttpEndRequestW
InternetReadFile
InternetGetConnectedState
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA

shlwapi

PathFindFileNameW
SHSetValueW
SHGetValueW
UrlCanonicalizeW
PathGetDriveNumberW
PathIsRootW
PathIsDirectoryW
SHDeleteKeyW
StrRetToBufW
PathCombineW

kernel32

LocalFree
GetWindowsDirectoryW
MoveFileExW
SetUnhandledExceptionFilter
ExitProcess
lstrlenW
GetModuleFileNameW
lstrcpyW
GetShortPathNameW
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetTempPathW
GetTickCount
DeleteFileW
RemoveDirectoryW
CloseHandle
DisableThreadLibraryCalls
MultiByteToWideChar
GetCurrentThreadId
GetPrivateProfileStringW
WideCharToMultiByte
SetLastError
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
OutputDebugStringA
LoadLibraryW
lstrcatW
GetCurrentProcess
FreeLibrary
SetErrorMode
LoadLibraryExA
CreateEventW
SetEvent
WaitForSingleObject
TlsSetValue
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
SetEndOfFile
ReadFile
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
FindClose
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetFileSize
CreateDirectoryW
LoadLibraryA
WriteProcessMemory
ReadProcessMemory
VirtualProtect
GetSystemTime
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
DeviceIoControl
CopyFileW
Sleep
GlobalFree
GlobalAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
MulDiv

user32

SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
InvalidateRect
GetAncestor
IsChild
GetParent
GetSystemMetrics
SetWindowPos
DialogBoxParamW
LoadMenuW
GetSubMenu
CopyRect
TrackPopupMenuEx
DestroyIcon
ReleaseCapture
SetCapture
LoadBitmapW
DestroyMenu
EndDialog
SetDlgItemTextW
BeginPaint
GetDesktopWindow
GetClientRect
LoadIconW
DrawIcon
EndPaint
EnumWindows
EnumChildWindows
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CreateWindowExW
RegisterClassExW
GetSysColor
GetClassNameW
GetWindowRect
MapWindowPoints
SendMessageW
FindWindowExW
IsWindow
GetWindowLongW
SetWindowLongW
DestroyWindow
GetWindowTextW
SetWindowTextW
CallWindowProcW
PostMessageW
CallNextHookEx
GetMessageW
LoadStringW
GetForegroundWindow
MessageBoxW
PostThreadMessageW
CharNextW
GetKeyState
GetCursorPos
ScreenToClient
GetPropW
SetPropW
wsprintfW
ReleaseDC
GetDC
DefWindowProcW
FillRect
IsWindowVisible
InflateRect
OffsetRect
DrawTextA
SetTimer
PtInRect
LoadCursorW
SetCursor
TrackMouseEvent
GetDlgItem

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SelectObject
DeleteObject
SetBkMode
GetStockObject

advapi32

RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
DragQueryFileW
ShellExecuteW

ole32

CoCreateGuid
StringFromCLSID
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
StringFromIID
RevokeDragDrop
CreateStreamOnHGlobal
ReleaseStgMedium
RegisterDragDrop

oleaut32

LoadTypeLi
RegisterTypeLi
OleLoadPicture
SysAllocString
SysFreeString

msvcrt

strcpy
sprintf
isalnum
_ui64tow
_wtol
wcsncat
_wtoi64
_ui64toa
wcschr
wcspbrk
strstr
strcmp
strncpy
swscanf
strlen
_wcsicmp
memcmp
_beginthreadex
wcsrchr
wcsncpy
wcscmp
wcscpy
time
wcscat
wcsstr
memmove
iswdigit
swprintf
vswprintf
??2@YAPAXI@Z
memcpy
memset
wcsncmp
_ftol
_except_handler3
_wtoi
wcslen
_snwprintf
__CxxFrameHandler
iswspace
strrchr
free
fwrite
malloc
_wfopen
_wcsnicmp
wcstod
abs
fwprintf
_strlwr
strncat
fprintf
_strnicmp
rewind
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strchr
strcat
_snprintf
fclose
fgets
fopen
fread
ftell
fseek

setupapi

SetupIterateCabinetW

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32_Update

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 738KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phoenix
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 21KB - Virtual size: 20KB

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 21KB - Virtual size: 20KB

11dec027e5d4219a73b49d3772b8b40e

Headers

File Characteristics

Imports

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

setupapi

netapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 738KB

.phoenix Size: 4KB - Virtual size: 840B

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 738KB

.phoenix
Size: 4KB - Virtual size: 840B

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 16KB - Virtual size: 12KB