2a736a0ca30af35e3b110ac095159244_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a736a0ca30af35e3b110ac095159244_JaffaCakes118
Size

140KB
MD5

2a736a0ca30af35e3b110ac095159244
SHA1

b7614b3851142cae1f061dbf8b99360373da087b
SHA256

a0e28f0adaa9d94749ac87434c3d23339ace929ea9c549f2af2bccbd0c723e17
SHA512

8eb85b9697e457a49aa60900d91a3ced0bbfa7094e208d247522702a36d20e84b712b7b7bac6449a30ccf29dc9b518a4af402ff05d0e9c27db3e63c03e215353
SSDEEP

3072:wdKnGVqrgO2D33xKQD0jZ1RnDiesgFuyTOc8Zqy5Spvrix5:wdKyqMOcHxKQAjLheer8y6c8ZqMyvQ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iexpress/ADVPACK.DLL
unpack001/iexpress/W95INF32.DLL
unpack001/iexpress/iexpress.exe
unpack001/iexpress/makecab.exe
unpack001/iexpress/wextract.exe

Files

2a736a0ca30af35e3b110ac095159244_JaffaCakes118
.rar
iexpress/ADVPACK.DLL
.dll windows:5 windows x86 arch:x86

1883e642b24153991f1cc921af0e5b3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

advpack.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
longjmp
memmove
_setjmp3
free

user32

CreateDialogParamA
UpdateWindow
DestroyWindow
ShowWindow
IsWindow
OemToCharA
DialogBoxParamA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
GetDlgItem
EnableWindow
EndDialog
ExitWindowsEx
CharToOemA
MessageBeep
MessageBoxA
SendDlgItemMessageA
GetSystemMetrics
CharUpperA
CharPrevA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
SendMessageA
LoadStringA
wsprintfA
CharNextA

gdi32

DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetFileTime
GetFileTime
ReadFile
WritePrivateProfileSectionA
GetProfileStringA
GetLocalTime
GetFullPathNameA
GetSystemInfo
SearchPathA
GetPrivateProfileIntA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
GetProcAddress
GetLastError
lstrcpyA
GetDriveTypeA
lstrcpynA
lstrlenA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
lstrcatA
GetModuleFileNameA
IsBadReadPtr
DeleteFileA
LocalReAlloc
DisableThreadLibraryCalls
lstrcmpA
GetPrivateProfileStringA
FreeLibrary
GetFileAttributesA
MultiByteToWideChar
FindFirstFileA
_llseek
_lopen
GetFileSize
CreateProcessA
LoadLibraryA
LoadLibraryExA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
RemoveDirectoryA
FormatMessageA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
lstrcmpiA
GetVolumeInformationA
SetFileAttributesA
CreateDirectoryA
GetPrivateProfileSectionA
CopyFileA
MoveFileExA
MoveFileA
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
FindClose
FindNextFileA
_lclose

advapi32

RegDeleteKeyA
RegDeleteValueA
GetTokenInformation
EqualSid
RegEnumKeyA
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
AllocateAndInitializeSid
FreeSid
RegEnumValueA
RegSetValueA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iexpress/IEXsp3.inf
iexpress/W95INF16.DLL
iexpress/W95INF32.DLL
.dll windows:4 windows x86 arch:x86

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_16
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_12
ThunkConnect32
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_8

user32

MessageBoxA

Exports

Exports

CtlSetLddPath32@8
GenFormStrWithoutPlaceHolders32@12
GenInstall32@20
GetSETUPXErrorText32@12
w95thk_ThunkData32

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iexpress/iexpress.exe
.exe windows:5 windows x86 arch:x86

310bc56415a832bde913dc65d82431b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iexpress.pdb

Imports

kernel32

GetVersionExA
GetModuleFileNameA
GetFileAttributesA
WritePrivateProfileSectionA
DeleteFileA
ReadFile
SetFileAttributesA
FormatMessageA
GetLastError
CopyFileA
GetPrivateProfileSectionA
CreateDirectoryA
GetSystemInfo
GetShortPathNameA
WriteFile
GetExitCodeProcess
CreateProcessA
_llseek
_lwrite
_lread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
GetTickCount
_lclose
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
MoveFileA
GetTempPathA
GetTempFileNameA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
FreeLibrary
EnumResourceTypesA
LoadLibraryExA
GlobalAlloc
GetCurrentDirectoryA
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetPrivateProfileIntA
HeapFree
lstrcpynA
ExitProcess
GetProcAddress
GetModuleHandleA
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
SetStdHandle
FlushFileBuffers
GetFullPathNameA
lstrcmpiA
LocalAlloc
lstrcatA
lstrlenA
lstrcpyA
IsDBCSLeadByte
FindFirstFileA
FindClose
GetPrivateProfileStringA
lstrcmpA
HeapAlloc
WritePrivateProfileStringA
CreateFileA
CloseHandle
GetCommandLineA
LocalFree

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
GetObjectA
CreateFontIndirectA

user32

LoadStringA
SendMessageA
ReleaseDC
GetDC
CharNextA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxA
MessageBeep
wsprintfA
SetFocus
PostMessageA
SetDlgItemTextA
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
ShowWindow
GetWindowRect
CheckRadioButton
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
GetParent
SetWindowLongA
GetWindowLongA
CallWindowProcA
EnableWindow
GetDlgItem
CharPrevA

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imagehlp

CheckSumMappedFile

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iexpress/makecab.exe
.exe windows:5 windows x86 arch:x86

6685a705dbcc207b555524a74fcdd7b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

makecab.pdb

Imports

msvcrt

_stat
_unlink
__doserrno
_mkdir
strncpy
fwrite
fread
tolower
_c_exit
_exit
_XcptFilter
clock
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_vsnprintf
_tempnam
_ftol
time
fopen
ctime
fprintf
fclose
_eof
_strnicmp
remove
_lseek
_close
_write
_read
_open
_errno
_ltoa
toupper
isdigit
atol
atoi
strchr
strncmp
setvbuf
_iob
exit
_stricmp
strspn
strpbrk
printf
malloc
_strdup
_cexit
free

kernel32

Sleep
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
SetFileAttributesA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetCurrentProcessId
GetLastError

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

CharNextExA

cabinet

ord10
ord11
ord13
ord14
ord12

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iexpress/wextract.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iexpress/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

1883e642b24153991f1cc921af0e5b3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 5KB

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 400B

.rdata Size: 512B - Virtual size: 247B

.data Size: 512B - Virtual size: 173B

.idata Size: 512B - Virtual size: 320B

.rsrc Size: 1024B - Virtual size: 908B

.reloc Size: 512B - Virtual size: 92B

310bc56415a832bde913dc65d82431b7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

comctl32

comdlg32

version

imagehlp

advapi32

Sections

.text Size: 75KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 30KB - Virtual size: 29KB

6685a705dbcc207b555524a74fcdd7b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

version

user32

cabinet

Sections

.text Size: 51KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1008B

0ebb3c09b06b1666d307952e824c8697

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

.text
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 512B - Virtual size: 400B

.rdata
Size: 512B - Virtual size: 247B

.data
Size: 512B - Virtual size: 173B

.idata
Size: 512B - Virtual size: 320B

.rsrc
Size: 1024B - Virtual size: 908B

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 75KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 30KB - Virtual size: 29KB

.text
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1008B

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 19KB - Virtual size: 18KB