5fc736f3f4aa4c76958a085897c4973b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fc736f3f4aa4c76958a085897c4973b_JaffaCakes118
Size

4.3MB
MD5

5fc736f3f4aa4c76958a085897c4973b
SHA1

c1203b8a82e876a65f8f51e14182cc72c95685b9
SHA256

e099d2615263dcd6a77f71b00579903dcb75e292035091da7435f185909e672a
SHA512

21eebff90b3738d73bb782b4cdba8787edef94758779fe5ecd3925e143a08923d7e6acdd18b2360e51f7f1e5ae7ce5e927f320d76037b6a10654fcee6eb73860
SSDEEP

98304:+Z6MiIt2Igsma++xfoYF+pjDDeyZO36Vzg4uRdC:+Zt+G++9oT3TOqV3D

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keymaker/Keymaker.exe
unpack001/mldownloader.exe

Files

5fc736f3f4aa4c76958a085897c4973b_JaffaCakes118
.rar
Keymaker/Keymaker.exe
.exe windows:4 windows x86 arch:x86

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileSectionA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

ARN
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oWnZ
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

every1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

in
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0day
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

world!
Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mldownloader.exe
.exe windows:4 windows x86 arch:x86

c377cf1b13d4701516128f66c2e9f564

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerLanguageNameA

comctl32

ord17

kernel32

lstrcatA
CompareStringA
CompareStringW
MoveFileA
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
LoadResource
SizeofResource
FindResourceA
CreateProcessA
CreateEventA
GetTickCount
GetSystemDefaultLCID
GlobalHandle
SetLastError
lstrcmpA
SetCurrentDirectoryA
GetPrivateProfileSectionA
WaitForSingleObject
QueryPerformanceFrequency
Sleep
FlushFileBuffers
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetWindowsDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
WriteFile
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
CopyFileA
lstrcmpiA
CreateThread
GetExitCodeThread
GetTempPathA
ExpandEnvironmentStringsA
GetPrivateProfileIntA
GetSystemInfo
SetErrorMode
IsValidCodePage
GetModuleFileNameA
SetHandleCount
RaiseException
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetEnvironmentStringsW
GetStdHandle
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose
IsBadReadPtr
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringW
LCMapStringA
IsBadCodePtr
GetFileType

user32

MessageBoxA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
BeginPaint
GetWindowLongA
WaitForInputIdle
IsWindow
CharNextA
MessageBoxIndirectA
CreateDialogParamA
DestroyWindow
SendDlgItemMessageA
ExitWindowsEx
CharPrevA
LoadStringA
wvsprintfA
GetClassInfoA
UpdateWindow
SetCursor
GetDlgItemTextA
EnableWindow
GetParent
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DrawIcon
DestroyIcon
GetDlgCtrlID
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
GetWindowRect
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
SendMessageA
IsDialogMessageA
MoveWindow
CharLowerBuffA

gdi32

CreateDIBitmap
GetDeviceCaps
CreatePalette
SelectPalette
GetStockObject
DeleteObject
GetSystemPaletteEntries
BitBlt
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
RealizePalette

advapi32

RegEnumValueA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetTokenInformation
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

ole32

CreateItemMoniker
CoCreateGuid
StringFromCLSID
StgIsStorageFile
StgOpenStorage
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetRunningObjectTable

oleaut32

SysReAllocStringLen
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

Imports

kernel32

Sections

ARN Size: - Virtual size: 192KB

oWnZ Size: 125KB - Virtual size: 128KB

every1 Size: 4KB - Virtual size: 8KB

in Size: 39KB - Virtual size: 60KB

0day Size: 6KB - Virtual size: 6KB

world! Size: 6KB - Virtual size: 27KB

c377cf1b13d4701516128f66c2e9f564

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 48KB - Virtual size: 46KB

ARN
Size: - Virtual size: 192KB

oWnZ
Size: 125KB - Virtual size: 128KB

every1
Size: 4KB - Virtual size: 8KB

in
Size: 39KB - Virtual size: 60KB

0day
Size: 6KB - Virtual size: 6KB

world!
Size: 6KB - Virtual size: 27KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 48KB - Virtual size: 46KB