2780538d70dd58fe256a736f42c13ac0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2780538d70dd58fe256a736f42c13ac0_JaffaCakes118
Size

763KB
MD5

2780538d70dd58fe256a736f42c13ac0
SHA1

9ab3013abe54469f7c9ee61abd350ce4d7c8bbea
SHA256

d1a0a3d48f41cdaed98a96dafee9d8c3285c0532b70aa422c86b4c721244380e
SHA512

b23edf0132497c00bc4863f51a07727a9342061bf45c312e142e8b4564b664ac40b60b171ddb8a32bef13ca1f9188a2a047c036ff70b6788230ef3b3a55303d3
SSDEEP

12288:EYm/abaWm2/aC0SaKGy9O42G/s9l/oQtZipgW6LQeEmaVIwwpgBQO:EsbaWmbCtGpJG/s9l/oQtZipgHLOdGRy

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
2780538d70dd58fe256a736f42c13ac0_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/GiSoon.exe
unpack001/Plugin/SnapShot/CameraDll.dll
unpack001/Plugin/SnapShot/SnapShot.exe
unpack001/Resource/GISoonUpdate.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

2780538d70dd58fe256a736f42c13ac0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
About.txt
GiSoon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 461KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GiSoon.exe.manifest
.xml
Language/ChineseGB.ini
Plugin/Alexa/Readme.txt
Plugin/Alexa/alexa.htm
.html
Plugin/Alexa/alexa.ico
Plugin/Alexa/plugin.ini
Plugin/FlashSaveGB/FlashSave.html
.html .js polyglot
Plugin/FlashSaveGB/cold.ico
Plugin/FlashSaveGB/hot.ico
Plugin/FlashSaveGB/plugin.ini
Plugin/KillAd/killad.htm
.html .js polyglot
Plugin/KillAd/killad.ico
Plugin/KillAd/plugin.ini
Plugin/MouseUnlock/MouseUnlock.htm
.html .js polyglot
Plugin/MouseUnlock/MouseUnlock.ico
Plugin/MouseUnlock/plugin.ini
Plugin/PageZoomMore/icon.ico
Plugin/PageZoomMore/plugin.ini
Plugin/PageZoomMore/script.htm
.html
Plugin/SnapShot/CameraDll.dll
.dll windows:4 windows x86 arch:x86

1c21b3d3e16117724ac2ad804c0c0eed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3136
ord4465
ord2985
ord3081
ord2976
ord3259
ord3262
ord3830
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord3831
ord561
ord815
ord2514
ord6467
ord641
ord795
ord3953
ord3663
ord5450
ord6394
ord823
ord5440
ord6383
ord5265
ord4998
ord6052
ord825
ord1775
ord4407
ord4078
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord2859
ord2864
ord324
ord4234
ord4853
ord4376
ord4710
ord2379
ord6453
ord5241
ord3626
ord2414
ord4133
ord4297
ord5788
ord2982
ord3147
ord6197
ord6380
ord772
ord5860
ord500
ord6055
ord1776
ord5290
ord3402
ord3721
ord818
ord567
ord2302
ord4299
ord1146
ord1168
ord654
ord341
ord3571
ord800
ord5981
ord6195
ord6215
ord613
ord3920
ord289
ord2086
ord4274
ord816
ord5781
ord1641
ord562
ord4476
ord5875
ord6199
ord2301
ord6334
ord2452
ord1175
ord535
ord2818
ord4160
ord540
ord640
ord5785
ord1640
ord323
ord860
ord3619
ord755
ord6172
ord5789
ord470
ord2754
ord3610
ord656
ord4275
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord5714
ord5289
ord5307
ord4698
ord4079
ord472
ord6119
ord3693
ord3706
ord1116
ord1176
ord1197
ord1575
ord1577
ord1182
ord342
ord1243
ord269
ord1570
ord1253
ord1255
ord1578
ord600
ord826

msvcrt

malloc
__CxxFrameHandler
strcmp
memcpy
memset
_purecall
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
free
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

LocalFree
Sleep
GetPrivateProfileIntA
CreateMutexA
GetLastError
CloseHandle
LocalAlloc
WritePrivateProfileStringA

user32

SetClipboardData
EmptyClipboard
CloseClipboard
LoadCursorA
LoadIconA
SetCursor
GetClientRect
PostMessageA
LoadBitmapA
ReleaseCapture
GetCursorPos
SetCapture
EnableWindow
GetParent
ScreenToClient
WindowFromPoint
GetWindowRect
InvalidateRect
KillTimer
OffsetRect
GetClassNameA
PtInRect
EqualRect
SetTimer
IsRectEmpty
SetRect
SetRectEmpty
GetWindowDC
ReleaseDC
SendMessageA
ShowWindow
GetDesktopWindow
GetWindow
GetWindowLongA
OpenClipboard

gdi32

SelectObject
GetDeviceCaps
BitBlt
GetPixel
CreateRectRgn
DeleteDC
CreateCompatibleDC
CreateBitmapIndirect
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
GetStockObject

Exports

Exports

CameraSubArea
CameraWindow
CameraWindowLikeSpy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSHARE
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/SnapShot/SnapShot.exe
.exe windows:4 windows x86 arch:x86

d8ac346f6f2ffd1c9d9c3d1ed6730991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
GetProcAddress
LoadLibraryA
Sleep
GetFileType
GetEnvironmentVariableA
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
FreeLibrary
GetStdHandle
GetCPInfo
GetStringTypeW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA

user32

MessageBoxA
LoadIconA
RegisterClassExA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resource/CollectorScript.txt.default
.js
Resource/DownManager.ini.default
.vbs
Resource/Filter.ini.default
Resource/GISoonUpdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 167KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Resource/GiSoonUpdate.exe.manifest
.xml
eula.txt
readme.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 25KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 1.4MB

.nsp1 Size: 461KB - Virtual size: 465KB

.rsrc Size: 67KB - Virtual size: 67KB

1c21b3d3e16117724ac2ad804c0c0eed

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4KB

.MYSHARE Size: 4KB - Virtual size: 8B

.rsrc Size: 36KB - Virtual size: 32KB

.reloc Size: 4KB - Virtual size: 3KB

d8ac346f6f2ffd1c9d9c3d1ed6730991

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 20KB - Virtual size: 19KB

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 1.0MB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.nsp0
Size: - Virtual size: 1.4MB

.nsp1
Size: 461KB - Virtual size: 465KB

.rsrc
Size: 67KB - Virtual size: 67KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4KB

.MYSHARE
Size: 4KB - Virtual size: 8B

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 19KB

.nsp0
Size: - Virtual size: 1.0MB

.nsp1
Size: 167KB - Virtual size: 168KB

.nsp2
Size: - Virtual size: 5KB