710fc197abbba4b7ec52b224a7df37de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

710fc197abbba4b7ec52b224a7df37de_JaffaCakes118
Size

1.1MB
MD5

710fc197abbba4b7ec52b224a7df37de
SHA1

3698802aab142f8c51bd95f71f1dc48fe36aaaae
SHA256

53048e0253c31c353742f17eeb0d4c417a7403d03a2ec4717e6e6b6ef9453ffa
SHA512

198cbda38bba8cd120b822df31d57576a587eb2e06ee457618cb9665a924929feae8e245e0397d46dec272bfe9c866db1939be69422e2922fd353b4d3d1d218c
SSDEEP

24576:SvqsoNxhSPjyO3Lt+SKJ0Hg3hIJTakTky284TeaklOgG3YjrDXY:HDN6PjyObwSKhaY84TcEjojrs

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AmlMaple.dll
unpack001/AmlMaple.exe
unpack001/FlgCrt.dll

Files

710fc197abbba4b7ec52b224a7df37de_JaffaCakes118
.zip
AmlMaple.dll
.dll windows:4 windows x86 arch:x86

fd703d435fc568e78268e93f88aee6b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetVersionExW
lstrcmpW
lstrlenW
InterlockedExchange
HeapFree
GetCurrentProcess
GetProcessHeap
GetModuleFileNameW
HeapDestroy
HeapCreate
GetModuleHandleW
GetLocaleInfoW
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
IsBadStringPtrW
WriteProcessMemory
VirtualQuery
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CloseHandle
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetWindowsDirectoryW
GetModuleFileNameA
HeapAlloc
ExitProcess

user32

GetParent
HideCaret
ShowCaret
GetGUIThreadInfo
GetKeyState
GetKeyboardLayout
PostMessageW
UnhookWinEvent
SetCaretPos
RedrawWindow
IsRectEmpty
InvalidateRect
CreateCaret
GetKeyboardLayoutList
SendMessageW
DrawTextW
SystemParametersInfoW
FillRect
GetClassNameW
GetActiveWindow
MessageBoxA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DestroyCaret

gdi32

DeleteObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkMode
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC

imagehlp

ImageDirectoryEntryToData

msvcrt

_local_unwind2
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
_wcsupr
wcscat
wcscpy
_wsplitpath
wcschr
swprintf
wcscmp
wcsncpy
wcslen
__dllonexit
_onexit

Exports

Exports

AM_GetAbbr
AM_GetFlags
AM_Install
AM_InstallEncoder
AM_SetColorData
AM_SetFlags
AM_Uninstall
AM_UninstallEncoder

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.amlclrs
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AmlMaple.exe
.exe windows:4 windows x86 arch:x86

790ee605284400a98f3924ea94a9687b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
lstrcpynW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32NextW
Process32FirstW
FindNextFileW
lstrcatW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringW
WritePrivateProfileStructW
GetPrivateProfileIntW
GetPrivateProfileStructW
GetPrivateProfileSectionNamesW
VirtualAlloc
VirtualFree
GlobalDeleteAtom
GlobalAddAtomW
GlobalGetAtomNameW
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
LoadLibraryExW
EnumResourceNamesW
EnumResourceLanguagesW
HeapAlloc
LocalLock
LocalAlloc
GetTimeZoneInformation
GetFullPathNameW
ExpandEnvironmentStringsW
Module32NextW
GetCurrentDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
CreateDirectoryW
SetFileTime
LCMapStringW
GetFileInformationByHandle
ExitThread
TlsSetValue
lstrcpyW
FindFirstFileW
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RaiseException
RtlUnwind
CreateFileA
GetMailslotInfo
TerminateThread
CreateEventA
CreateMailslotA
GetComputerNameA
HeapSize
TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
LCMapStringA
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
LoadLibraryA
SetEndOfFile
GetOEMCP
lstrcmpiW
CopyFileW
GlobalMemoryStatus
GetSystemInfo
GetACP
GetCPInfoExW
GlobalSize
GetThreadLocale
FindResourceW
LoadResource
LockResource
FreeResource
SystemTimeToFileTime
GetSystemTime
DeleteFileW
SetFileAttributesW
SetThreadPriority
ResumeThread
SetErrorMode
GetFileAttributesW
GetDriveTypeW
IsBadWritePtr
GetTempFileNameW
GetModuleFileNameW
GetNumberFormatW
GetTempPathW
CreateMutexW
ResetEvent
GetModuleHandleW
SetThreadLocale
GetSystemDirectoryW
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
FormatMessageW
IsBadCodePtr
FreeLibrary
GetLocaleInfoW
GetVersionExW
LoadLibraryW
MultiByteToWideChar
GetLastError
SetLastError
InterlockedCompareExchange
ExitProcess
GetTickCount
FindClose
WriteFile
GetComputerNameW
GetLocalTime
Sleep
CreateThread
TerminateProcess
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
OpenEventW
SetEvent
CreateEventW
WaitForSingleObject
OpenMutexW
GetProcessHeap
HeapFree
LocalHandle
LocalUnlock
LocalFree
GlobalHandle
GlobalUnlock
GlobalFree
IsBadStringPtrW
CreateFileW
GetFileSize
CloseHandle
ReadFile
GetPrivateProfileStringW
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
lstrlenW
InterlockedDecrement
GetProcAddress
InterlockedExchange
GetVersion
IsBadReadPtr
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ValidateRect
IsWindowVisible
SetRect
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetNextDlgTabItem
GetNextDlgGroupItem
UnregisterClassW
OemToCharW
AdjustWindowRectEx
UnhookWinEvent
SetWinEventHook
GetAsyncKeyState
GetKeyState
LoadKeyboardLayoutW
GetWindowDC
GetWindowRgn
GetCursorInfo
WindowFromPoint
GetClassLongW
ShowCursor
GetSubMenu
SetMenuItemInfoW
EnumChildWindows
GetMenuStringW
ModifyMenuW
FindWindowW
SendMessageTimeoutW
RegisterClassW
EqualRect
UnionRect
GetForegroundWindow
GetMonitorInfoW
RemoveMenu
SetDlgItemInt
GetDlgItemInt
AdjustWindowRect
CopyRect
DestroyAcceleratorTable
EnableMenuItem
CheckMenuItem
DrawFrameControl
IsCharAlphaNumericW
CharUpperBuffW
InflateRect
DrawFocusRect
OffsetRect
GetCapture
UpdateWindow
PtInRect
SetRectEmpty
GetCursorPos
SetCursorPos
CreateDialogParamW
IsWindowEnabled
DialogBoxParamW
GetMenuItemRect
DestroyMenu
CharLowerW
TrackPopupMenu
CreatePopupMenu
ScreenToClient
ClientToScreen
GetDlgCtrlID
EndDialog
MapWindowPoints
GetSysColorBrush
EnableWindow
SetTimer
GetWindowRect
KillTimer
DrawIconEx
DrawTextW
GetSystemMetrics
MonitorFromWindow
GetIconInfo
DestroyCursor
CreateIconIndirect
ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
DialogBoxIndirectParamW
IsIconic
FlashWindow
SetForegroundWindow
SetActiveWindow
GetKeyboardLayout
AttachThreadInput
CloseClipboard
SetCursor
GetMenuItemCount
GetMenuItemID
InsertMenuW
MessageBeep
GetKeyboardLayoutList
DestroyIcon
LoadIconW
GetPropW
RemovePropW
CreateWindowExW
wsprintfW
GetDlgItem
SendMessageW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
GetClassNameW
RedrawWindow
SetWindowPos
GetClientRect
CallNextHookEx
SetWindowsHookExW
SendInput
BeginPaint
FillRect
EndPaint
CallWindowProcW
GetDC
ReleaseDC
IsChild
GetFocus
SetFocus
GetSysColor
SetSystemCursor
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowLongW
GetWindow
GetWindowLongW
AppendMenuW
IsMenu
GetKeyboardState
VkKeyScanExW
ToUnicodeEx
MapVirtualKeyExW
ShowCaret
RegisterHotKey
SetMenuDefaultItem
UnregisterHotKey
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
LoadImageW
CopyIcon
CharUpperW
LoadStringW
CharNextW
wvsprintfW
MessageBoxW
DestroyWindow
GetParent
ShowWindow
LoadCursorW
UnhookWindowsHookEx
GetWindowThreadProcessId
IsWindow
SetClassLongW
PostMessageA

comctl32

ImageList_GetIcon
ord17
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_GetImageCount
InitCommonControlsEx
_TrackMouseEvent

shell32

SHFileOperationW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ExtractIconExW
ExtractAssociatedIconW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderPathW
DragAcceptFiles
DragQueryFileW
DragFinish
FindExecutableW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHAppBarMessage

advapi32

CryptGetHashParam
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
SetTokenInformation
CheckTokenMembership
GetTokenInformation
EqualSid
LogonUserW
GetUserNameW
OpenProcessToken
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RevertToSelf
RegNotifyChangeKeyValue
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
ImpersonateLoggedOnUser

gdi32

GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectW
GetStockObject
CreateFontIndirectW
LineTo
MoveToEx
CreatePen
CreateDCW
SetMapMode
SetViewportOrgEx
SetViewportExtEx
SetWindowOrgEx
SetWindowExtEx
PatBlt
GetPixel
SetPixel
StretchBlt
CreateBitmap
GetObjectType
SetTextColor
SetBkMode
GetTextExtentExPointW
SetTextAlign
SetBkColor
ExtTextOutW
SaveDC
RestoreDC
GetTextExtentPoint32W
GetTextMetricsW
GetCurrentObject
GetBitmapBits
SetDIBits
GetDIBits
FrameRgn
CreateRectRgn
SelectClipRgn
CreateRoundRectRgn
FillRgn
CreatePolygonRgn
DeleteDC

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetOpenFileNameW

winmm

PlaySoundW

wininet

InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
HttpSendRequestW

olepro32

ord253

oleaut32

VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
DispCallFunc

credui

CredUIPromptForCredentialsW

ws2_32

gethostbyname
WSAStartup
inet_ntoa
gethostname

Sections

.text
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VMP0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VMP1
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AmlMaple.exe.manifest
BrazilianPortuguese.lng
Bulgarian.lng
Chinese Simplified.lng
FlgCrt.dll
.dll windows:4 windows x86 arch:x86

d600dc34455d59a34862ac3c5cb31374

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary

user32

IsWindowUnicode
IsWindow
GetKeyboardLayout
GetWindowThreadProcessId
CallNextHookEx
ClientToScreen
GetCaretPos
UnhookWindowsHookEx
GetFocus
SetWindowsHookExW

Exports

Exports

Install
InstallWndHook
UnInstall

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.amlmacc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
French.lng
German.lng
Hebrew.lng
Hellenic.lng
Help_By.chm
.chm
Help_En.chm
.chm
Help_Ru.chm
.chm
Help_UK.chm
.chm
Indonesian.lng
Italian.lng
Kazakh.lng
Korean.lng
Lithuanian.lng
LocalizationExample.lng
Magyar.lng
Norwegian.lng
Polish.lng
ReadMe_Portable.txt
Register.Bat
Russian.lng
RussianU.lng
Serbian.lng
Sinhala.lng
Spanish.lng
Turkish.lng
Ukrainian.lng
UpdateReport_Pl.htm
UpdateReport_Ru.htm
arabic.lng
history.txt
licence_en.txt

Sharing

General

Malware Config

Signatures

Files

fd703d435fc568e78268e93f88aee6b6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 896B

.amlclrs Size: 512B - Virtual size: 98B

.CRT Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

790ee605284400a98f3924ea94a9687b

Headers

File Characteristics

Imports

kernel32

user32

comctl32

shell32

advapi32

gdi32

ole32

oleacc

version

comdlg32

winmm

wininet

olepro32

oleaut32

credui

ws2_32

Sections

.text Size: 830KB - Virtual size: 830KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 94KB - Virtual size: 107KB

.tls Size: 512B - Virtual size: 16B

.VMP0 Size: 64KB - Virtual size: 64KB

.VMP1 Size: 58KB - Virtual size: 57KB

.rsrc Size: 134KB - Virtual size: 134KB

d600dc34455d59a34862ac3c5cb31374

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 578B

.data Size: 512B - Virtual size: 120B

.amlmacc Size: 512B - Virtual size: 20B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 896B

.amlclrs
Size: 512B - Virtual size: 98B

.CRT
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 830KB - Virtual size: 830KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 94KB - Virtual size: 107KB

.tls
Size: 512B - Virtual size: 16B

.VMP0
Size: 64KB - Virtual size: 64KB

.VMP1
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 134KB - Virtual size: 134KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 578B

.data
Size: 512B - Virtual size: 120B

.amlmacc
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 240B