2324ffc8587967073c242e8fb0c42080_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2324ffc8587967073c242e8fb0c42080_JaffaCakes118
Size

2.9MB
MD5

2324ffc8587967073c242e8fb0c42080
SHA1

18679edd9b20d9e7315147d95cdd29ae38c232ed
SHA256

5f2b46f5df2600672874bacaac7da91065b91f782d02a70779938afabd0b831f
SHA512

85ce4d799c5354f04bb89f743823d7d3d69ee57b8d9be0ef7a2afd985a5b5c24a9fe62e127ad3f392a7b75852fbe62a1c51b061434418c6d9595e73b0aca35b4
SSDEEP

49152:ZrapIqaVAOmWYAovpTDy5s6T6exYVkysIG8gW+BYIXrZ/M76O46q:Z85aFYn9exYOIzgW+BYENo6Xx

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack002/_0E76B7E1C0F1A934E98D41071233AC5C
unpack002/_16311EADB3C16B33B3E651005018B40E
unpack002/_39A6A53CB37E45A4838DE0D36ACA418C
unpack002/_75EA964ECCC39211C9E2638226B8888D
unpack002/_A6755094F822FE9281FE2224BD8A5069
unpack002/_B4D989EAA7372772629B303EA9905B22
unpack002/_F10ECEB16E744CBC05FC2CF4F7CE9512
unpack002/_FE53A14BC2C5CB0E86DB735899099FAB
unpack001/IdiomDictionary/Setup.Exe

Files

2324ffc8587967073c242e8fb0c42080_JaffaCakes118
.rar
IdiomDictionary/SETUP.CAB
.cab
_012D2BA1F6D34F29B1DDBEC9CE7CE41A
.png
_07EBFDD931F343ECB2BB5B2B370AA10F
.png
_0E76B7E1C0F1A934E98D41071233AC5C
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_16311EADB3C16B33B3E651005018B40E
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_182575938D2C4D08AD85CC03269FD277
.png
_231920A82D5945FEBD1BB09C1885D934
.png
_26E906831C694075AF3AF5BFF57490DD
.png
_32C01CB850FD4BE9A58756887F65FE95
.gif
_368EC73E107C47808B674CBAE10542C8
_37C555D3B35A49578D9BDEF894F408F5
.gif
_39A6A53CB37E45A4838DE0D36ACA418C
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_49991D45F24F4909B665F2F1D81DC44F
.gif
_4A87A7E7603840B9BAE806CEB6855859
.rtf
_60F0B172B7B6475EB3D54985E23DCC98
.png
_64FE3FA23D7849FABA0A4A4F25D6A488
.gif
_75EA964ECCC39211C9E2638226B8888D
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_7D873AA523294A47A99E77BC271AE0BB
_899F5E63D4D14869B871EB0681AEDE52
.gif
_956E5A1C77D74848AEE4588035A8CC32
_A6755094F822FE9281FE2224BD8A5069
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_B1FE6EFD412E4B438A03EB5146D29B7F
.chm
_B4D989EAA7372772629B303EA9905B22
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_B77626BD959A494B99658F0BA7674AF1
.jpg
_C3F8E79AEDFC490791D8DA5DE431C382
.gif
_D31ED6EC70094A298431974E5DB35A28
.gif
_D4485AF3125741C0BCF552C6907A5175
.gif
_D4CFDD0538654E329FA65E53B7C36E79
.png
_E396DF05441F451982EEB0045EF37449
.gif
_F10ECEB16E744CBC05FC2CF4F7CE9512
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_FE53A14BC2C5CB0E86DB735899099FAB
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IdiomDictionary/Setup.Exe
.exe windows:4 windows x86 arch:x86

16565ac95a428f6ccd17d07d629c1a8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msiloadr.pdb

Imports

oleaut32

VarUI4FromStr
SysAllocStringLen
GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString

ole32

OleRun
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

kernel32

lstrcmpA
CloseHandle
CreateFileA
Sleep
SetLastError
GetTickCount
GetPrivateProfileStringA
GetModuleFileNameA
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
WideCharToMultiByte
lstrlenW
IsBadReadPtr
GetProcAddress
WriteFile
ReadFile
DeleteFileW
SetErrorMode
LoadLibraryExA
MultiByteToWideChar
LoadResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
GetUserDefaultLCID
GetEnvironmentVariableA
GetVersion
CreateFileW
FindResourceW
GlobalAlloc
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
LoadLibraryExW
GetLocaleInfoA
InterlockedExchange
LocalFree
GetTempFileNameA
GetTempPathA
GlobalFree
CreateMutexA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
HeapSize
IsBadWritePtr
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
RtlUnwind
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
GetACP
FlushFileBuffers
SetFilePointer
IsBadCodePtr

user32

LoadStringA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
CharNextA

shell32

ShellExecuteA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IdiomDictionary/Setup.Ini
IdiomDictionary/Setup.msi
.msi
IdiomDictionary/下载说明.htm
.html .js polyglot
IdiomDictionary/安装说明.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 132KB - Virtual size: 129KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 32KB - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 856B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 112KB - Virtual size: 109KB

.rsrc Size: 4KB - Virtual size: 816B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

.text
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 132KB - Virtual size: 129KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 112KB - Virtual size: 109KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 4KB