1aa662cbed2e1a989016cc147d981155_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1aa662cbed2e1a989016cc147d981155_JaffaCakes118
Size

833KB
MD5

1aa662cbed2e1a989016cc147d981155
SHA1

22b33021aa33f973c4f25473fbb7ab0ccea89213
SHA256

40323e9636d2e0d62a0e3019c23fb938f6fe0f3592653bd2e6a5b7097beeeedf
SHA512

b5f2be8f6652b3b7077b032b1d345fd99b232265ea936a8d9ae2af68ca81de527a2792a9ccf353655d43ba9b4dbe7853dbee4d1608a4179d061d8d8c840197d3
SSDEEP

24576:P+yOrHj+T3mQbz6AlihQ+Ojbpt7kKTxI+BM+BxuEnQN:2yOr6T3mOliJO/pNkmx92oxuxN

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDF_Password_Remover_3.0/SkinMagic.dll
unpack001/PDF_Password_Remover_3.0/Uninstal.exe
unpack001/PDF_Password_Remover_3.0/pdfdecrypt.exe
unpack001/PDF_Password_Remover_3.0/subresync.lang
unpack001/PDF_Password_Remover_3.0/winDecrypt.exe

Files

1aa662cbed2e1a989016cc147d981155_JaffaCakes118
.rar
PDF_Password_Remover_3.0/SkinMagic.dll
.dll windows:4 windows x86 arch:x86

cc8a601c9cb16b309650f5711e83f417

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
LockResource
lstrcmpiA
lstrcpynA
lstrcmpA
GetLocaleInfoW
CompareStringA
EnumSystemLocalesA
GetTimeZoneInformation
lstrlenA
GetTempFileNameA
GetTempPathA
FreeLibrary
GetProcessHeap
GlobalUnlock
SizeofResource
GetUserDefaultLCID
GetTickCount
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
LoadResource
FindResourceA
IsValidLocale
GetSystemInfo
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
VirtualProtect
FlushInstructionCache
GetWindowsDirectoryA
DeleteFileA
RaiseException
HeapSize
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
CreateFileW
SetConsoleCtrlHandler
SetEndOfFile
InterlockedExchange
ExitProcess
GetVersion
GetCommandLineA
lstrcpyA
GetModuleHandleA
GetLocaleInfoA
IsValidCodePage
InterlockedDecrement
Sleep
InterlockedIncrement
LCMapStringW
GetStringTypeW
GetStringTypeA
RtlUnwind
LCMapStringA
MultiByteToWideChar
HeapReAlloc
LoadLibraryA
IsBadWritePtr
GetACP
VirtualAlloc
GetOEMCP
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
CreateThread
HeapFree
GetProcAddress
InitializeCriticalSection
WriteFile
HeapDestroy
VirtualFree
HeapCreate
GetEnvironmentStrings
GetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStartupInfoA
GetModuleFileNameA
DeleteCriticalSection
SetHandleCount
GetFileType
GetStdHandle
TlsGetValue
GetCurrentThread
GetLastError
TlsAlloc
SetLastError
TlsFree
GetCurrentProcess
TlsSetValue
GetCurrentThreadId
MulDiv
TerminateProcess
GetSystemTime
GlobalLock
GlobalAlloc
GetVersionExA

user32

EnableMenuItem
GetSystemMenu
DrawIconEx
DestroyMenu
GetMenuItemCount
GetClassLongA
EnableScrollBar
GetScrollInfo
GetScrollPos
GetScrollRange
SetScrollInfo
InflateRect
SetScrollPos
ShowScrollBar
GetDC
GetIconInfo
GetCursor
CharUpperBuffA
IsWindowEnabled
LoadStringA
DrawFrameControl
DestroyIcon
DrawStateA
EnumChildWindows
SetFocus
SetScrollRange
GetFocus
SetRect
GetWindowWord
DrawIcon
ValidateRect
GetSubMenu
GetMenuItemID
EqualRect
IsMenu
DrawMenuBar
CharLowerA
CharUpperA
DestroyCursor
LoadImageA
SetCursor
CopyIcon
CopyRect
MapWindowPoints
GetMessagePos
GetCapture
DrawTextExA
CreateIconIndirect
InsertMenuItemA
GetMenuItemInfoA
GetDesktopWindow
LockWindowUpdate
ScreenToClient
EnableWindow
IsWindowVisible
SetCapture
ReleaseCapture
DestroyWindow
DrawEdge
CreatePopupMenu
BeginPaint
EndPaint
ClientToScreen
PtInRect
KillTimer
InvalidateRect
SetForegroundWindow
SetTimer
UpdateWindow
UnregisterClassA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetKeyState
CopyAcceleratorTableA
GetMenu
SetMenu
IsRectEmpty
GetWindowInfo
GetWindow
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetClientRect
GetWindowTextA
DrawTextA
SetWindowRgn
SetWindowPos
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
CallWindowProcA
DefWindowProcA
GetSysColorBrush
GetSysColor
GetMessageA
DispatchMessageA
IsWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
GetWindowLongA
GetActiveWindow
GetClassNameA
GetPropA
GetMenuState
GetCursorPos
FillRect
SendMessageA
CallNextHookEx
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
IsZoomed

gdi32

GetDCOrgEx
GetClipBox
SetTextColor
SetBkMode
CombineRgn
CreateFontIndirectA
OffsetRgn
CreateRectRgnIndirect
CreateRectRgn
GetStockObject
CreateSolidBrush
BitBlt
ExtCreateRegion
GetRegionData
GetTextExtentPointA
GetDIBits
CreateICA
DeleteDC
SetBkColor
CreateBitmap
GetObjectA
SelectPalette
GetDeviceCaps
RealizePalette
CreateCompatibleDC
StretchBlt
CreateCompatibleBitmap
RestoreDC
SaveDC
Polygon
SetDIBitsToDevice
SetStretchBltMode
CreateDIBSection
RectVisible
StretchDIBits
ExtSelectClipRgn
ExcludeClipRect
GetPixel
PtInRegion
LineTo
MoveToEx
SetPixel
CreatePen
SelectClipRgn
Rectangle
TextOutA
GetTextExtentPoint32A
GetClipRgn
GetRgnBox
GetTextMetricsA
IntersectClipRect
PatBlt
SetBrushOrgEx
UnrealizeObject
CreatePatternBrush
ExtTextOutA
CreateDIBitmap
DeleteObject
SelectObject

imagehlp

ImageDirectoryEntryToData

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueA

shell32

ExtractIconExA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_Destroy
ImageList_GetIcon
ImageList_Create
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Draw
ImageList_AddMasked

Exports

Exports

CloseSkinData
CreateImageList
CreateSkinImageRectRegion
CreateSkinImageSectionRegion
DisableWindowScrollbarSkin
DrawSkinImageRect
DrawSkinImageSection
DrawSkinTextEffect
EnableCaptionButtons
EnableWindowScrollbarSkin
ExitSkinMagicLib
GetCaptionButtonState
GetLibVersion
GetSkinBool
GetSkinClientRect
GetSkinColor
GetSkinControlBkColor
GetSkinControlColor
GetSkinControlFont
GetSkinControlID
GetSkinControlRect
GetSkinDWORD
GetSkinFont
GetSkinImageSectionMargins
GetSkinInt
GetSkinMagicErrorCode
GetSkinMenu
GetSkinObjectText
GetSkinString
GetSkinSysColor
GetSkinSysColorBrush
GetSkinTransparentColor
HideTooltip
InitSkinMagicLib
LoadSkinFile
LoadSkinFromResource
OpenSkinData
RedrawCaptionStatic
RegisterSkinWindow
RemoveDialogSkin
RemoveWindowSkin
SetCaptionButtonState
SetCaptionButtonTooltip
SetControlSkin
SetControlTooltip
SetDialogSkin
SetShapeWindowSkin
SetSingleDialogSkin
SetSkinMenu
SetSkinObjectText
SetSkinWindowAccelerator
SetWindowMainMenuImage
SetWindowSkin
ShowSkinObject
ShowTooltipPoint
TrackSkinPopupMenu
TrackSkinPopupMenuEx
UnregisterSkinWindow

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDF_Password_Remover_3.0/Uninstal.exe
.exe windows:4 windows x86 arch:x86

00b5cc35b148ad3ce778a33a2948baf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
SetPriorityClass
ResumeThread
GetCurrentThread
GetWindowsDirectoryA
_lclose
_lwrite
GetSystemDirectoryA
CreateProcessA
_lopen
SetThreadPriority
SetCurrentDirectoryA
MoveFileExA
GetModuleFileNameA
GetShortPathNameA
GetVersionExA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
SetFilePointer
WriteFile
ReadFile
LocalAlloc
GetCurrentDirectoryA
WritePrivateProfileStringA
LocalFree
lstrcatA
_lread
_llseek
GetLastError
FindFirstFileA
TerminateProcess
DeleteFileA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
CreateFileA
FreeEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapCompact
HeapAlloc
HeapFree
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
ExitProcess
FreeEnvironmentStringsA
GetStartupInfoA
GetModuleHandleA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualFree
VirtualAlloc
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate

user32

GetSysColor
GetWindow
SendMessageA
MessageBoxA
wsprintfA
SetDlgItemTextA
SetWindowTextA
GetMessageA
EndDialog
DialogBoxParamA
DefWindowProcA
PostQuitMessage
RegisterClassA
LoadCursorA
LoadIconA
CreateWindowExA
DestroyWindow
DispatchMessageA

gdi32

CreateSolidBrush
GetObjectA
SetBkColor
CreateFontIndirectA
RemoveFontResourceA
DeleteObject
GetStockObject

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PDF_Password_Remover_3.0/help.htm
.html
PDF_Password_Remover_3.0/help/Thumbs.db
PDF_Password_Remover_3.0/help/help_1.png
.png
PDF_Password_Remover_3.0/help/help_2.png
.png
PDF_Password_Remover_3.0/help/help_3.png
.png
PDF_Password_Remover_3.0/help/logo.gif
.gif
PDF_Password_Remover_3.0/license.dat
PDF_Password_Remover_3.0/pdfdecrypt.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��1
Size: 222KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PDF_Password_Remover_3.0/skin.smf
PDF_Password_Remover_3.0/subresync.lang
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDF_Password_Remover_3.0/winDecrypt.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

unpacked
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

unpacked
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

unpacked
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snaker
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PDF_Password_Remover_3.0/winDecrypt.url

Sharing

General

Malware Config

Signatures

Files

cc8a601c9cb16b309650f5711e83f417

Headers

File Characteristics

Imports

kernel32

user32

gdi32

imagehlp

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 373KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 24KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 24KB - Virtual size: 23KB

00b5cc35b148ad3ce778a33a2948baf6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

���0 Size: - Virtual size: 416KB

���1 Size: 222KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 4KB - Virtual size: 8B

Headers

File Characteristics

Sections

unpacked Size: 524KB - Virtual size: 524KB

unpacked Size: 296KB - Virtual size: 296KB

unpacked Size: 8KB - Virtual size: 8KB

.snaker Size: 8KB - Virtual size: 8KB

.text
Size: 376KB - Virtual size: 373KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 24KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

��0
Size: - Virtual size: 416KB

��1
Size: 222KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 4KB - Virtual size: 8B

unpacked
Size: 524KB - Virtual size: 524KB

unpacked
Size: 296KB - Virtual size: 296KB

unpacked
Size: 8KB - Virtual size: 8KB

.snaker
Size: 8KB - Virtual size: 8KB