22efab8377bf50f0dc520b24218fd9bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22efab8377bf50f0dc520b24218fd9bc_JaffaCakes118
Size

152KB
MD5

22efab8377bf50f0dc520b24218fd9bc
SHA1

54ce7f9ffb101e4eb64bdee376d7ea4a8e9eee61
SHA256

1f6900feca11ffd28cbd8611ea2c08e3c5c9fed479a53792f68fa9b28debd53e
SHA512

f1e84499e68616648aedad20f1bb6056fa568555928b4b5fdd857abc854108732853d5569fe0c1bae030d0eaf4d3886e307bbc1a40b21a3f35c4279f0083c144
SSDEEP

3072:YZCYpz3lRGUrg2pUxCtenfbMzV5Soy+NhXJanI/Vr+ErcmfHzOd2P/:YVZ3KUrFJ0nfbMzP2C6Arxcmbg2n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WakeSplitter.ax
unpack001/x3_codec.exe

Files

22efab8377bf50f0dc520b24218fd9bc_JaffaCakes118
.zip
WakeSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

fcecf2ca132a44bd4e754328e67dd53a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WakeNet\player\plugins\WakeSplitter\Release\WakeSplitter.pdb

Imports

winmm

timeGetTime

advapi32

RegSetValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize

kernel32

lstrlenA
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
ReadFile
SetFilePointer
DeleteCriticalSection
WideCharToMultiByte
GetLastError
GetFileSize
CreateFileA
SetEvent
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
CreateThread
MultiByteToWideChar
GetModuleFileNameA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CreateEventA
ReleaseSemaphore
GetSystemInfo
VirtualFree
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreA
VirtualAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetTickCount
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
UnhandledExceptionFilter
WriteFile
HeapReAlloc
IsBadWritePtr
HeapSize
VirtualQuery
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
TlsAlloc

user32

wsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x3_codec.exe
.exe windows:4 windows x86 arch:x86

4ccb972ce5e1dea4c3722aa482f6f7db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WakeNet\player\plugins\x3codec\Release\x3codec.pdb

Imports

kernel32

HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapReAlloc
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
TerminateProcess
HeapFree
HeapAlloc
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
lstrcmpiW
FormatMessageW
LocalFree
MulDiv
SetLastError
InterlockedDecrement
lstrcpynW
GlobalFindAtomW
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
WritePrivateProfileStringW
GlobalUnlock
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomW
lstrlenW
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
GetLastError
lstrlenA
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
GetVersionExW

user32

GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextW
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
wsprintfW
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetWindowTextLengthW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
PostMessageW
UnregisterClassW
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
SendMessageW
GetSystemMenu
AppendMenuW
LoadIconW
EnableWindow
GetTopWindow

gdi32

RectVisible
GetDeviceCaps
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcecf2ca132a44bd4e754328e67dd53a

Headers

File Characteristics

PDB Paths

Imports

winmm

advapi32

ole32

kernel32

user32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 8KB - Virtual size: 7KB

4ccb972ce5e1dea4c3722aa482f6f7db

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 40KB - Virtual size: 38KB