3bd947433beddb5697a68ce770915f9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bd947433beddb5697a68ce770915f9a_JaffaCakes118
Size

489KB
MD5

3bd947433beddb5697a68ce770915f9a
SHA1

aac4554f2d09e2a3f1b1061abe3759d445771b5e
SHA256

2b489ea08c0680cbd466afb353f9731214bfa17ace6daff231badaa7c62bf117
SHA512

343fb81426782f1328bdfaeb79bb4c9b11123320b405cf362870ab536bdb12cf3a79126d9ba4c51419a22e485ab580b28ee7e3892fb919f4ebc33eb8c3b505bb
SSDEEP

12288:ngKsdIcXTljLD68byAT9DgWSGuTydd+pX6ygFUomTU:grXXTxX/F280pXMF5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/www/sbd.exe
unpack002/www/vnchooks.dll
unpack002/www/winvnc.exe

Files

3bd947433beddb5697a68ce770915f9a_JaffaCakes118
.gz
QtdrOa.tar
.tar
metasploit-fakeUpdate.sh
.sh linux
www/Linux.jpg
.jpg .ps1 polyglot
www/OSX.jpg
.jpg
www/Windows.jpg
.jpg
www/favicon.ico
www/index.php
www/sbd.exe
.exe windows:4 windows x86 arch:x86

0ab795e02a0fa504d17e05eae71d1031

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_getpid
_strdup
__getmainargs
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_stricmp
_vsnprintf
abort
atexit
atoi
exit
fprintf
fputc
free
getenv
malloc
memcpy
memset
signal
strchr
strlen
strncmp
strncpy
strstr
vfprintf

kernel32

AddAtomA
CloseHandle
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DisconnectNamedPipe
DuplicateHandle
ExitProcess
ExitThread
FindAtomA
FormatMessageA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemTime
GetVersionExA
LocalFree
PeekNamedPipe
ReadFile
ReleaseSemaphore
SetUnhandledExceptionFilter
Sleep
TerminateProcess
WaitForMultipleObjects
WaitForSingleObject
WriteFile

user32

GetMessageA
MessageBoxA
PostThreadMessageA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
www/vnc.reg
www/vnchooks.dll
.dll windows:4 windows x86 arch:x86

6e20f0a555bfbc5a1321c57520d8674b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetLocaleInfoA
CloseHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GlobalDeleteAtom
GlobalAddAtomA
GetModuleHandleA
GetModuleFileNameA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSection
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar

user32

RegisterWindowMessageA
EnumWindows
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetUpdateRgn
GetPropA
SetPropA
GetCursor
GetWindowRect
IsWindowVisible
PostMessageA
GetClientRect
ClientToScreen
RemovePropA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

Exports

Exports

SetHook
SetKeyboardFilterHook
SetKeyboardPriorityHook
SetKeyboardPriorityLLHook
SetMouseFilterHook
SetMousePriorityHook
SetMousePriorityLLHook
UnSetHook

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
www/winvnc.exe
.exe windows:4 windows x86 arch:x86

b3f50ff36ed8b11c6ce1af10b6725501

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
inet_addr
WSAStartup
WSACleanup
htonl
bind
socket
__WSAFDIsSet
recv
send
WSAGetLastError
getsockname
getpeername
select
accept
setsockopt
closesocket
listen
ioctlsocket
htons
connect
inet_ntoa
shutdown
gethostbyname

comctl32

ord17

kernel32

GlobalLock
GlobalAlloc
GetSystemTime
GlobalDeleteAtom
GlobalAddAtomA
SystemTimeToFileTime
LockResource
LoadResource
SizeofResource
FindResourceA
CreateMutexA
OpenProcess
CreateProcessA
GetModuleFileNameA
Sleep
SetProcessShutdownParameters
SetLastError
InterlockedIncrement
TlsFree
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
CreateThread
ExitThread
GetStartupInfoA
GetProcessHeap
GetCommandLineA
ExitProcess
GetModuleHandleA
RaiseException
GlobalUnlock
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ResumeThread
TlsAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
TlsSetValue
SetThreadPriority
TlsGetValue
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetVersionExA
GetComputerNameA
FindFirstFileA
SetErrorMode
GetLogicalDriveStringsA
FindNextFileA
FindClose
SetFileTime
CreateDirectoryA
ReadFile
GetCurrentThreadId
UnmapViewOfFile
GetCurrentProcessId
AllocConsole
DeleteFileA
MoveFileA
CreateFileA
SetFilePointer
SetEndOfFile
OutputDebugStringA
GetStdHandle
WriteConsoleA
WriteFile
CloseHandle
FreeLibrary
LoadLibraryA
GetLastError
GetProcAddress
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetConsoleOutputCP
IsDebuggerPresent
WriteConsoleW

user32

UpdateWindow
SetWindowPos
GetWindowPlacement
ClipCursor
EndPaint
FillRect
BeginPaint
GetCapture
EndDialog
DialogBoxParamA
FlashWindow
SetActiveWindow
GetWindowThreadProcessId
MapWindowPoints
CreateDialogParamA
PtInRect
InvalidateRgn
ShowWindow
GetDlgItemInt
GetFocus
SetFocus
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
SetRect
GetMessageA
TranslateMessage
GetProcessWindowStation
PostThreadMessageA
GetWindow
IsIconic
GetUserObjectInformationA
MessageBeep
SetWindowRgn
DestroyMenu
LoadIconA
LoadMenuA
GetMenuState
CheckMenuItem
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
RegisterWindowMessageA
PeekMessageA
WaitMessage
DispatchMessageA
GetForegroundWindow
RegisterClassExA
CreateWindowExA
SetClipboardViewer
GetClipboardOwner
GetClipboardData
PostQuitMessage
EnumWindows
GetPropA
IsWindowVisible
SetPropA
RemovePropA
ChangeClipboardChain
DestroyWindow
KillTimer
SetTimer
OpenClipboard
EmptyClipboard
ExitWindowsEx
InflateRect
SetClipboardData
CloseClipboard
DrawIconEx
GetIconInfo
ChangeDisplaySettingsA
OpenDesktopA
EnumDesktopWindows
SystemParametersInfoA
FindWindowA
PostMessageA
GetCursorPos
mouse_event
IntersectRect
GetKeyboardState
keybd_event
EnumDisplaySettingsA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDC
SetWindowLongA
GetWindowLongA
SetCapture
LoadImageA
SetCursor
DestroyCursor
CallWindowProcA
DefWindowProcA
ReleaseCapture
LoadCursorA
GetParent
ClientToScreen
WindowFromPoint
IsChild
LoadBitmapA
SendMessageA
GetWindowTextA
GetClassNameA
GetWindowDC
GetWindowRgn
OffsetRect
ReleaseDC
MessageBoxA
GetSystemMetrics
GetDesktopWindow
GetWindowRect
EqualRect
IsRectEmpty
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
SetForegroundWindow

gdi32

GetObjectA
GetBitmapBits
GetRegionData
CreateRectRgnIndirect
CombineRgn
GetStockObject
GdiFlush
BitBlt
CreateDIBSection
SelectObject
CreatePalette
SelectPalette
RealizePalette
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDCA
ExtEscape
DeleteDC
GetSystemPaletteEntries
CreateSolidBrush
CreateRectRgn
SetROP2
CreateHatchBrush
DeleteObject
FrameRgn

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
GetUserNameA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

vnchooks

SetHook
SetKeyboardPriorityHook
SetMousePriorityHook
SetKeyboardPriorityLLHook
SetMousePriorityLLHook
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHook

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ab795e02a0fa504d17e05eae71d1031

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wsock32

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 368B

.bss Size: - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 2KB

6e20f0a555bfbc5a1321c57520d8674b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.SharedD Size: 4KB - Virtual size: 68B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

b3f50ff36ed8b11c6ce1af10b6725501

Headers

File Characteristics

Imports

wsock32

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

vnchooks

Sections

.text Size: 272KB - Virtual size: 270KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 224KB - Virtual size: 221KB

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 368B

.bss
Size: - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.SharedD
Size: 4KB - Virtual size: 68B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 272KB - Virtual size: 270KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 224KB - Virtual size: 221KB