605decf2a932adaf06b4e6b64cb0fd9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

605decf2a932adaf06b4e6b64cb0fd9f_JaffaCakes118
Size

200KB
MD5

605decf2a932adaf06b4e6b64cb0fd9f
SHA1

4e4994e2ceb8dc0068c2e18ad686ab26b234df4d
SHA256

41ef31fc99b9e62b7d7be7cdbbdf50a1569f13722af23e3c08079c083a0f46af
SHA512

fa51dab0dc594d7b6d9e79019b7ef5c00ec677e755cbc77b7a41aa7616d5e2bfd5f92b6ded972039f05de793d9901f0d4c201abf83f40644b7f3c181eee0a6bf
SSDEEP

6144:TlL52T7S6M3oR7rZ/AStWgld629jrTzOkX+:552nH1BWwjrGkO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
605decf2a932adaf06b4e6b64cb0fd9f_JaffaCakes118
unpack001/iefxz.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

605decf2a932adaf06b4e6b64cb0fd9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iefxz.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4bf9be1bf052448593aa03c0d2895c0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

ObtainUserAgentString
CoInternetCombineUrl
CoGetClassObjectFromURL
CoInternetGetSession

wininet

InternetCloseHandle
InternetReadFile
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
HttpEndRequestW
InternetSetStatusCallbackW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetReadFileExA

shlwapi

SHDeleteKeyW
PathIsDirectoryW
PathIsRootW
PathFileExistsW
PathGetDriveNumberW
StrStrIW
SHDeleteValueW
UrlCanonicalizeW
SHGetValueW
SHSetValueW
PathFindFileNameW
PathCombineW

kernel32

lstrlenW
GetModuleFileNameW
lstrcpyW
GetShortPathNameW
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetTempPathW
GetTickCount
CloseHandle
DeleteFileW
WideCharToMultiByte
GetProcAddress
WaitForSingleObject
CopyFileW
SetLastError
GetLastError
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetFileAttributesW
GetVersion
RemoveDirectoryW
OutputDebugStringA
TlsAlloc
TlsFree
DisableThreadLibraryCalls
MoveFileExW
MultiByteToWideChar
GetCurrentThreadId
GetPrivateProfileStringW
FreeLibrary
lstrcatW
Sleep
GetCurrentProcess
SetErrorMode
LoadLibraryExA
CreateEventW
SetEvent
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
SetEndOfFile
ReadFile
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetFileSize
CreateDirectoryW
LoadLibraryA
WriteProcessMemory
ReadProcessMemory
VirtualProtect
GetCurrentThread
GetSystemTime
LocalFree
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
DeviceIoControl
GlobalFree
GlobalAlloc
lstrcmpW
GetProfileIntW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
MulDiv
LocalAlloc
VirtualQuery
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
VirtualAlloc

user32

SetForegroundWindow
ReleaseCapture
CopyRect
OffsetRect
GetDC
ReleaseDC
SetRect
InvalidateRect
SetCursor
GetSystemMetrics
ClientToScreen
TrackPopupMenu
RegisterWindowMessageW
SendMessageTimeoutW
GetDlgItemInt
SetDlgItemInt
GetMenuItemCount
DeleteMenu
AppendMenuW
LoadMenuW
GetSubMenu
ModifyMenuW
CheckMenuItem
WindowFromPoint
GetWindow
SetTimer
DestroyMenu
KillTimer
IsWindowVisible
GetWindowLongW
SetWindowLongW
GetWindowThreadProcessId
FillRect
keybd_event
EnumWindows
GetClassNameW
EnumChildWindows
DrawTextW
CharLowerW
IsWindow
DestroyWindow
RemovePropW
SetCapture
EndDialog
SetDlgItemTextW
GetDlgItemTextW
BeginPaint
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
LoadIconW
SetWindowPos
LoadCursorW
IsRectEmpty
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CheckDlgButton
IsDlgButtonChecked
EnableWindow
DrawIcon
EndPaint
SetWindowTextW
SetFocus
GetAsyncKeyState
GetWindowTextW
SendMessageW
CallNextHookEx
GetParent
GetAncestor
PostMessageW
CallWindowProcW
GetMessageW
LoadStringW
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
ShowWindow
SetWindowLongA
IsChild
MessageBoxW
PostThreadMessageW
CharNextW
GetKeyState
GetCursorPos
ScreenToClient
GetPropW
SetPropW
wsprintfW
GetCapture
GetDCEx
EqualRect
DestroyIcon
LoadBitmapW
GetMessagePos
RegisterClassExW
InflateRect
TrackMouseEvent
PtInRect
GetDlgItem
DefWindowProcW
CreateWindowExW
UpdateWindow
PeekMessageW
TranslateMessage
DialogBoxParamW
DispatchMessageW
FindWindowExW

gdi32

GetDIBits
GetDeviceCaps
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
SetROP2
UnrealizeObject
PatBlt
RestoreDC
CreateBitmap
CreatePatternBrush
SetTextColor
GetObjectW
CreateFontIndirectW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePen
CreateSolidBrush
SelectObject
Rectangle
DeleteObject
SetBkMode
GetStockObject

advapi32

RegCloseKey
GetTokenInformation
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
OleDraw
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
StringFromCLSID
CoInitialize
CoCreateInstance
CoUninitialize
StringFromIID
ReleaseStgMedium

oleaut32

OleLoadPicture
SysAllocStringLen
SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi

msvcrt

memcpy
memset
wcsncmp
_ftol
_except_handler3
_wtoi
wcslen
_snwprintf
__CxxFrameHandler
strcpy
sprintf
isalnum
_ui64tow
_wtol
wcsncat
_wtoi64
_ui64toa
wcschr
_purecall
strstr
strcmp
strncpy
??2@YAPAXI@Z
vswprintf
swprintf
iswdigit
memmove
wcsstr
wcscat
time
_beginthreadex
wcscmp
_snprintf
wcsncpy
fprintf
wcsrchr
wcscpy
memcmp
_wcsicmp
strcat
strchr
strrchr
fread
ftell
wcstod
free
fwrite
malloc
_wfopen
_wcsnicmp
abs
fwprintf
_strlwr
strncat
_ismbslead
_strnicmp
rewind
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
iswspace
strlen
swscanf
wcspbrk
fclose
perror
fgets
fseek
fopen

setupapi

SetupIterateCabinetW

netapi32

Netbios

gdiplus

GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32_Update

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phoenix
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 29KB - Virtual size: 28KB

4bf9be1bf052448593aa03c0d2895c0a

Headers

File Characteristics

Imports

ws2_32

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

setupapi

netapi32

gdiplus

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 24KB - Virtual size: 9.1MB

.phoenix Size: 48KB - Virtual size: 46KB

.rsrc Size: 224KB - Virtual size: 222KB

.reloc Size: 40KB - Virtual size: 38KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 9.1MB

.phoenix
Size: 48KB - Virtual size: 46KB

.rsrc
Size: 224KB - Virtual size: 222KB

.reloc
Size: 40KB - Virtual size: 38KB