4a38b1d655b65c1418304b8713bc8f49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a38b1d655b65c1418304b8713bc8f49_JaffaCakes118
Size

963KB
MD5

4a38b1d655b65c1418304b8713bc8f49
SHA1

66dabbcaa167fe4b9ba12bb15c410df92abb4e3e
SHA256

1d9af7c9cd3c008f97dfedbd519c009d8c85c1587b41de57e19d7eb6420c9cb6
SHA512

04efd33f39eb907d4f9dcc36fdde22a9b7c4b4657978a94c7646ba224b854495ac7cef4ed5f882169c9dd1874798c7c3fe0e28b19b5ed40aa7781027243ff564
SSDEEP

24576:csv98vXr8ENOhLMQAlG9ZeAvbS4PVxTRtt+P:csv9cNOhPdvbS4PVxTRt4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4a38b1d655b65c1418304b8713bc8f49_JaffaCakes118
unpack001/CamelPhat3.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

4a38b1d655b65c1418304b8713bc8f49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1dba24346e415c53ffa8a8a260a9f47e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CamelPhat3.dll
.dll windows:4 windows x86 arch:x86

29755c7c3d4bd898ca52b55ca31abfa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
MultiByteToWideChar
GlobalFree
GlobalSize
GlobalUnlock
LoadResource
FindResourceA
SizeofResource
LoadLibraryA
LockResource
FreeLibrary
GetLastError
GetProcAddress
GetVersionExA
FindFirstFileA
Sleep
GetTickCount
FindClose
GetLocalTime
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
CreateFileA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
ExitProcess
DeleteCriticalSection
WriteFile
ReadFile
GetModuleFileNameA
FindNextFileA
RtlUnwind
InitializeCriticalSection
GetModuleHandleA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
HeapReAlloc
HeapAlloc
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetOEMCP
CloseHandle
GetCurrentThreadId
TlsSetValue
LeaveCriticalSection
GetVersion
InterlockedDecrement
InterlockedIncrement
RaiseException
HeapFree
EnterCriticalSection

user32

RegisterClassA
MessageBoxA
DialogBoxParamA
SetFocus
GetDlgItem
MoveWindow
GetSystemMetrics
GetWindowRect
SetWindowLongA
EndDialog
GetDlgItemTextA
GetWindowLongA
DispatchMessageA
PeekMessageA
KillTimer
SetTimer
GetDoubleClickTime
CallWindowProcA
SendMessageA
CreateWindowExA
DestroyWindow
GetWindowTextA
GetSysColor
DestroyMenu
AppendMenuA
CreatePopupMenu
TrackPopupMenu
GetDC
ReleaseDC
FillRect
DrawTextA
GetAsyncKeyState
GetCursorPos
GetUpdateRgn
BeginPaint
EndPaint
DefWindowProcA
GetKeyState
SetCapture
ReleaseCapture
LoadBitmapA
InvalidateRect
GetCursor
SetCursor
GetClassNameA
SetWindowPos
MapWindowPoints
GetParent
UnregisterClassA
LoadCursorA
GetMessageTime

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateFontIndirectA
DeleteDC
SetROP2
SetTextColor
DeleteObject
CreatePenIndirect
SetBkMode
SelectObject
SelectClipRgn
CreateRectRgn
GetCurrentObject
LineTo
Polyline
MoveToEx
GetStockObject
Ellipse
Polygon
GetPixel
CreateSolidBrush
DPtoLP
CreateBitmap
CreateDIBSection
GetObjectA
ExtFloodFill
SetPixel
GetTextExtentPoint32A
SetBkColor
CreateBrushIndirect
Pie
Arc

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
OleUninitialize

Exports

Exports

VSTPluginMain
main

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CamelPhatData/CamelPhat3Manual.pdf
.pdf
CamelPhatData/CamelPhat3PresetsA.fxb
CamelPhatData/CamelPhat3PresetsB.fxb
CamelPhatData/CamelPhat3PresetsC.fxb
CamelPhatData/CamelPhat3PresetsD.fxb
CamelPhatData/Skins/default/Background.png
.png
CamelPhatData/Skins/default/ButtonRandom.png
.png
CamelPhatData/Skins/default/FontDisplay.png
.png
CamelPhatData/Skins/default/FontSelector.png
.png
CamelPhatData/Skins/default/FontVersion.png
.png
CamelPhatData/Skins/default/Knob.png
.png
CamelPhatData/Skins/default/KnobSmall.png
.png
CamelPhatData/Skins/default/LevelMeterOff.png
.png
CamelPhatData/Skins/default/LevelMeterOn.png
.png
CamelPhatData/Skins/default/LfoBkg.png
.png
CamelPhatData/Skins/default/LfoSelect1.png
.png
CamelPhatData/Skins/default/LfoSelect2.png
.png
CamelPhatData/Skins/default/OnButton.png
.png
CamelPhatData/Skins/default/OnButtonGold.png
.png
CamelPhatData/Skins/default/PhatButton.png
.png
CamelPhatData/Skins/default/SelectorFilter.png
.png
CamelPhatData/Skins/default/SelectorLfo.png
.png
CamelPhatData/Skins/default/SelectorPreset.png
.png
CamelPhatData/Skins/default/SelectorScreenX.png
.png
CamelPhatData/Skins/default/SelectorScreenY.png
.png
CamelPhatData/Skins/default/SkinParameters.txt
CamelPhatData/Skins/default/VSlider.png
.png
CamelPhatData/Skins/default/VSliderBar.png
.png
CamelPhatData/Skins/default/XYCursor.png
.png
CamelPhatData/Skins/default/XYScreen.png
.png

Sharing

General

Malware Config

Signatures

Files

1dba24346e415c53ffa8a8a260a9f47e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

29755c7c3d4bd898ca52b55ca31abfa8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

Exports

Exports

Sections

.text Size: 460KB - Virtual size: 458KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 40KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 712B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 460KB - Virtual size: 458KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 40KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 712B

.reloc
Size: 32KB - Virtual size: 28KB