72c69b449413d7abe3d67f1c0ad39987_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72c69b449413d7abe3d67f1c0ad39987_JaffaCakes118
Size

2.8MB
MD5

72c69b449413d7abe3d67f1c0ad39987
SHA1

9ba23aa4800fe04e60d51d8261d06f378287d877
SHA256

33a8417bb5aa81582939e0c47b62bd8b2e3066efb02bbbc7ed52808aaa7fc5ec
SHA512

c14253cec2c2124d12c9f31b582098fa133ad8af63331c624fe8917fca835c5787d508f988f1c74f8d991253a6d96a19ed160cb74ea2434d0eecc2d25db28701
SSDEEP

49152:vo7ZFMzy/LmVSbFnELfJIymaBKcF4UY5aJN+mxSs5y734SFv1jsKw1tieDAYE8Ga:vo7rYcLmCnE6yDKojY5aeuyBFvOomjEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoSnap.exe
unpack001/HookNet.dll
unpack001/IniAdmin.exe
unpack001/NTFSys.dll
unpack001/NewFace2.dll
unpack001/SEClient.exe
unpack001/SEServer.exe
unpack001/wDataAcc.dll

Files

72c69b449413d7abe3d67f1c0ad39987_JaffaCakes118
.zip
AutoSnap.exe
.exe windows:1 windows x86 arch:x86

b762646afdacf5875c217cf6c397bcd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

Sections

CODE
Size: 282KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CallAfter.bat
Config.ini
DataSync.txt
HookNet.dll
.dll windows:1 windows x86 arch:x86

215083a45fe1a2a3760d5acbd6821d20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

Exports

Exports

HookAllHookEx
HookKBHookEx
UnHookAllHookEx
UnHookKBHookEx

Sections

CODE
Size: 128KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IniAdmin.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Language.reg
NTFSys.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

GetFile
GetFileLongName_TestA
GetFileLongName_TestB
GetFileLongName_Info

Sections

.text
Size: 18KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NewFace2.dll
.dll windows:1 windows x86 arch:x86

cdae41b331fd769d1963cc9569036fc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

setupapi

SetupDiDestroyDeviceInfoList

hid

HidD_GetPreparsedData

Exports

Exports

GetFirst
GoOut

Sections

CODE
Size: 30KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Quick_Start_Guide.txt
SEClient.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 910KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SEServer.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyncEXPnet_User_Guide_v0905.pdf
.pdf
wDataAcc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DataSyncFinalize
DataSyncInitialize
DeleteRecord
DisconDataSet
GetRecordData
ListDataSets
PutRecordData
QueryDataSet
SetCallBack

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b762646afdacf5875c217cf6c397bcd4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

Sections

CODE Size: 282KB - Virtual size: 816KB

.rsrc Size: 12KB - Virtual size: 12KB

215083a45fe1a2a3760d5acbd6821d20

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

Exports

Exports

Sections

CODE Size: 128KB - Virtual size: 312KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 587KB - Virtual size: 587KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 44KB - Virtual size: 43KB

.rsrc Size: 38KB - Virtual size: 38KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

cdae41b331fd769d1963cc9569036fc2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

setupapi

hid

Exports

Exports

Sections

CODE Size: 30KB - Virtual size: 88KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 910KB - Virtual size: 910KB

CODE
Size: 282KB - Virtual size: 816KB

.rsrc
Size: 12KB - Virtual size: 12KB

CODE
Size: 128KB - Virtual size: 312KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 587KB - Virtual size: 587KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 38KB - Virtual size: 38KB

.text
Size: 18KB - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 30KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 910KB - Virtual size: 910KB

DATA
Size: 46KB - Virtual size: 46KB

BSS
Size: - Virtual size: 13KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 75KB - Virtual size: 75KB

.rsrc
Size: 190KB - Virtual size: 190KB

CODE
Size: 705KB - Virtual size: 705KB

DATA
Size: 18KB - Virtual size: 18KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 140KB - Virtual size: 140KB

CODE
Size: 306KB - Virtual size: 305KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 272B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 12KB