c:\temp\BonPlayer\Release\VladPlayerII.pdb
Static task
static1
Behavioral task behavioral1: BonPlayer.exe on win7-20240708-en
Behavioral task behavioral2: BonPlayer.exe on win10v2004-20240709-en
Behavioral task behavioral3: SkinCrafterDll.dll on win7-20240729-en
Behavioral task behavioral4: SkinCrafterDll.dll on win10v2004-20240709-en
General
Target: 786ac3f7d7418d288db45d3ed6e57264_JaffaCakes118
Size: 538KB
MD5: 786ac3f7d7418d288db45d3ed6e57264
SHA1: 7b403180cb34bf59cf1f82137ff1b222c0a646fd
SHA256: cea5e1950a5763da73409a8622ac5112577a05a7f42115683e4ae163c44e54ed
SHA512: 40d6d840da728aa91bdcb883e17cfcad786d4408bb8292c006f9336d7796b4c54d0fd5058369df984be559c11ec47bea79e46402750bedf5d22f1a11618b3f51
SSDEEP: 12288:QIAgCqVCrFpKwEjmIRlmwG9KV8aArFljO5QQ6Jye0sYN/:QFiVCrkj7mwga4y5Pe0sYN/
Malware Config
Signatures
-
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature. Neither file carries a certificate table (the PE security data directory is empty), so there is no publisher identity to verify and the hashes above are the only way to pin the exact bits.
resource unpack001/BonPlayer.exe
resource unpack001/SkinCrafterDll.dll
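The check behind this signature, as an added example (not code from the sandbox or from the BonPlayer/SkinCrafter authors): a dependency-free Python parser that reads the PE security data directory to decide whether an Authenticode certificate table is attached, and decodes the same IMAGE_FILE_* and IMAGE_SCN_* flags the Files section of this report lists. The PE it analyses is a constructed, header-only stand-in built by build_stub_pe() from the flag and section values reported for BonPlayer.exe, not the sample itself; analyze(), findings() and build_stub_pe() are names chosen for this example. Run analyze() on the bytes of a real file to reproduce the check.

```python
"""Added example: reproduce the sandbox's "Unsigned PE" check and its
IMAGE_FILE_* / IMAGE_SCN_* flag decoding with nothing but struct.
build_stub_pe() fabricates a header-only PE32 for offline use; it is a
constructed stand-in, not BonPlayer.exe."""
import struct

IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the WIN_CERTIFICATE blob


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return COFF characteristics, section headers and the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _psym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories begin at optional-header offset 96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase/stack/heap fields push them to 112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > SECURITY_DIR:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):   # section table follows the optional header, 40 bytes per entry
        name, vsize, _va, rsize, _praw, _prel, _pln, _nrel, _nln, scn = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": decode_flags(scn, IMAGE_SCN_FLAGS)})
    return {"characteristics": decode_flags(chars, IMAGE_FILE_FLAGS),
            "security_dir": (sec_off, sec_size), "sections": sections}


def findings(pe):
    """Triage notes in the spirit of the report's signature list."""
    out = []
    if pe["security_dir"] == (0, 0):
        out.append("Unsigned PE: no Authenticode certificate table")
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]:
        out.append("Relocations stripped: image cannot be rebased, so ASLR cannot apply")
    for s in pe["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            out.append("Writable+executable section %s" % s["name"])
        if "IMAGE_SCN_CNT_CODE" in s["flags"] and s["virtual_size"] > 4 * s["raw_size"]:
            out.append("Code section %s is much larger in memory than on disk (runtime unpacking?)" % s["name"])
    return out


def build_stub_pe(signed=False, characteristics=0x010F, sections=None):
    """Constructed header-only PE32. Defaults mirror the report's BonPlayer.exe
    values: characteristics 0x010F, .text 348KB/347KB RX, .data 16KB/30KB RW."""
    if sections is None:
        sections = [(".text", 0x56B00, 0x57000, 0x60000020),
                    (".data", 0x7800, 0x4000, 0xC0000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # NumberOfRvaAndSizes = 16
    dirs = b"".join(struct.pack("<II", 0x1000, 0x800) if (i == SECURITY_DIR and signed) else b"\0" * 8
                    for i in range(16))
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000, rs, 0x400, 0, 0, 0, 0, f)
                    for n, vs, rs, f in sections)
    return dos + b"PE\0\0" + coff + opt + dirs + hdrs


def analyze(data):
    pe = parse_pe(data)
    return pe["characteristics"], findings(pe)


if __name__ == "__main__":
    for label, blob in (("unsigned", build_stub_pe()), ("signed", build_stub_pe(signed=True))):
        print(label, analyze(blob))
```

An empty security directory is exactly what the sandbox means by "unsigned". A non-empty one only says a WIN_CERTIFICATE blob is attached; the signature still has to be validated (Get-AuthenticodeSignature or signtool verify) before it says anything about the publisher, and a self-signed or revoked certificate will pass this structural check.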
Files
-
786ac3f7d7418d288db45d3ed6e57264_JaffaCakes118.zip
-
BonPlayer.exe.exe windows:4 windows x86 arch:x86
MD5: 3ba0c2d2e19e304e6f430d8ca1f1882b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations and no .reloc section below: the loader cannot rebase this image, so ASLR does not apply to it)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\temp\BonPlayer\Release\VladPlayerII.pdb
Imports
winmm
timeGetTime
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
iphlpapi
GetAdaptersInfo
kernel32
SetEndOfFile
GetPrivateProfileIntW
WritePrivateProfileStringW
SetErrorMode
GetStartupInfoW
ExitProcess
RtlUnwind
HeapReAlloc
GetCPInfo
ExitThread
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetOEMCP
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
ResumeThread
lstrcmpA
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
GetProfileIntW
SetLastError
CopyFileW
GlobalSize
FormatMessageW
LocalFree
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
GlobalFree
FreeResource
GetTickCount
GetCurrentThread
lstrcmpiW
VirtualAlloc
CreateSemaphoreW
VirtualFree
GetSystemInfo
CreateEventW
CreateThread
WaitForMultipleObjects
ResetEvent
CreateMutexW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcmpW
GlobalAlloc
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrcpyW
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
RaiseException
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
SetFilePointer
MultiByteToWideChar
lstrlenW
GetModuleHandleW
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleFileNameW
SetEvent
CreateEventA
GetVersion
GetFullPathNameW
GetFileAttributesW
GetLastError
CreateFileW
GetFileSize
ReadFile
CloseHandle
GlobalLock
GlobalUnlock
GetCurrentThreadId
lstrcpynW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ReleaseMutex
CreateMutexA
SetWaitableTimer
CreateWaitableTimerA
CreateFileA
UnhandledExceptionFilter
user32
WindowFromPoint
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
MoveWindow
IsDialogMessageW
SetDlgItemTextW
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SendDlgItemMessageW
SendDlgItemMessageA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
SystemParametersInfoA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DispatchMessageW
PeekMessageW
FindWindowW
SendMessageTimeoutW
ShowWindow
GetCapture
ClientToScreen
SetCursor
GetPropW
RemovePropW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
CharNextW
GetClassNameW
SetWindowPos
RedrawWindow
GetDlgItem
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
InvalidateRgn
SetCapture
ReleaseCapture
PostThreadMessageW
DefWindowProcW
UnregisterClassW
CreateWindowExW
GetWindowLongW
SetWindowLongW
SetFocus
MessageBoxW
RegisterClipboardFormatW
GetSystemMetrics
LoadIconW
IsIconic
SetMenu
GetMenu
LoadMenuW
ModifyMenuW
GetSubMenu
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
DrawIcon
GetSysColorBrush
GetMessageW
TranslateMessage
DestroyWindow
SetForegroundWindow
InflateRect
IntersectRect
SystemParametersInfoW
IsWindowVisible
PostMessageW
GetSysColor
GetFocus
DrawFocusRect
CopyRect
FillRect
EnumThreadWindows
ValidateRect
DestroyMenu
PostQuitMessage
GetWindowPlacement
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InvalidateRect
wsprintfW
GetDlgCtrlID
GetAsyncKeyState
GetCursorPos
EnableWindow
GetParent
KillTimer
SetTimer
ReleaseDC
GetDC
ScreenToClient
GetWindowRect
IsZoomed
SendMessageW
OffsetRect
PtInRect
IsWindow
GetDesktopWindow
GetClientRect
SetPropW
GetKeyState
gdi32
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
GetTextExtentPoint32W
PtInRegion
RectVisible
PtVisible
CreatePolygonRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
SetBkColor
GetClipBox
SetTextColor
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateSolidBrush
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
shell32
Shell_NotifyIconW
DragQueryFileW
comctl32
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ord17
ImageList_Destroy
ImageList_Create
shlwapi
PathFindFileNameW
PathFindExtensionW
ole32
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
OleInitialize
CoCreateInstance
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
ReleaseStgMedium
OleDuplicateData
RegisterDragDrop
OleGetClipboard
RevokeDragDrop
CoInitialize
CoLockObjectExternal
oleaut32
SysAllocString
VariantChangeType
VariantInit
OleCreateFontIndirect
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
wininet
InternetSetStatusCallbackW
InternetCloseHandle
Sections
.text Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
SkinCrafterDll.dll.dll windows:4 windows x86 arch:x86
MD5: 8adf4dcd87bc0a5878820eb28d5b4aaa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msimg32
TransparentBlt
mfc42
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2452
ord816
ord562
ord2381
ord5590
ord2571
ord3701
ord500
ord772
ord6142
ord3986
ord5981
ord3619
ord2405
ord2859
ord2754
ord4133
ord4297
ord5787
ord5788
ord283
ord2753
ord932
ord6759
ord5933
ord3880
ord3425
ord3054
ord6716
ord6692
ord3797
ord3055
ord3056
ord3296
ord2862
ord3754
ord3914
ord3297
ord4125
ord3803
ord4060
ord2937
ord3920
ord3293
ord6762
ord6678
ord4123
ord6696
ord6734
ord3546
ord3766
ord861
ord273
ord603
ord3693
ord2713
ord6157
ord6605
ord4023
ord5785
ord2841
ord2107
ord5450
ord6394
ord559
ord812
ord5862
ord6144
ord3566
ord2975
ord3757
ord3481
ord1168
ord1176
ord3752
ord1949
ord5440
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord860
ord800
ord537
ord823
ord858
ord540
ord539
ord6467
ord825
ord909
ord394
ord4185
ord5628
ord535
ord4191
ord3435
ord3441
ord5860
ord5606
ord5678
ord5794
ord5873
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord289
ord613
ord3571
ord5781
ord696
ord3643
ord472
ord2380
ord1641
ord2414
ord3626
ord3706
ord323
ord1640
ord2714
ord2450
ord640
ord6880
ord702
ord912
ord5593
ord5683
ord5596
ord400
ord3649
ord5634
ord915
ord4188
ord879
ord4204
ord4129
ord5710
ord6662
ord2740
ord4275
ord2379
ord939
ord755
ord5875
ord6172
ord5789
ord470
ord2860
ord2864
ord3646
ord397
ord699
ord2818
ord665
ord1979
ord1969
ord3438
ord5572
ord6383
ord2915
ord2801
ord882
ord5651
ord3127
ord3616
ord404
ord3663
ord924
ord5186
ord350
ord354
ord703
ord2846
msvcrt
_strnicmp
_wcsnset
_stricmp
_strcmpi
_mbscmp
__CxxFrameHandler
_purecall
_CxxThrowException
atoi
_except_handler3
free
wcscmp
malloc
__RTDynamicCast
strstr
strncmp
wcschr
mbstowcs
swprintf
wcslen
wcscpy
_itow
_ftol
toupper
wcsstr
_snprintf
printf
rand
isdigit
_strupr
srand
sscanf
strncpy
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
kernel32
LocalReAlloc
InterlockedExchange
HeapFree
GetProcessHeap
HeapAlloc
GetVersion
MulDiv
GetLastError
GetUserDefaultLangID
FindResourceExA
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
GetLocalTime
LocalFree
RaiseException
lstrcpyA
lstrcmpA
LoadLibraryW
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalFree
LocalAlloc
GetVersionExA
lstrcmpiA
lstrlenA
LoadResource
SizeofResource
GlobalLock
GlobalUnlock
Sleep
OutputDebugStringA
LocalSize
LocalLock
LocalUnlock
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
user32
GetWindowTextW
GetWindowTextLengthW
CallWindowProcW
DrawStateA
GetSubMenu
AppendMenuA
RemoveMenu
WindowFromPoint
LoadIconA
GetIconInfo
TrackMouseEvent
DestroyWindow
RegisterClassA
GetClassInfoA
CreateWindowExA
DefWindowProcA
MessageBoxA
GetMenu
IsMenu
GetActiveWindow
SetRectEmpty
GetAncestor
InvalidateRect
SetCapture
ClientToScreen
ReleaseCapture
IsZoomed
LockWindowUpdate
GetCursorPos
GetWindowRgn
GetCapture
SetWindowRgn
GrayStringA
DrawTextA
TabbedTextOutA
EnableScrollBar
IsWindowEnabled
GetWindowLongA
GetTopWindow
GetForegroundWindow
RedrawWindow
SetWindowPos
GetWindow
IsWindow
RemovePropA
SetPropA
IsWindowUnicode
SetWindowLongW
SetWindowLongA
GetWindowTextLengthA
GetPropA
WindowFromDC
GetDC
ReleaseDC
GetSystemMetrics
GetMenuStringW
SetForegroundWindow
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
CopyRect
IsRectEmpty
SetRect
GetWindowRect
OffsetRect
CopyImage
PtInRect
SetCursor
GetParent
SendMessageA
LoadCursorA
GetClientRect
GetClassNameA
PostMessageA
GetClassLongA
SetClassLongA
EnumThreadWindows
EnumChildWindows
GetMessagePos
KillTimer
SetTimer
EndPaint
MapWindowPoints
CallWindowProcA
BeginPaint
DrawEdge
GetSysColorBrush
GetWindowDC
DestroyIcon
EqualRect
UnionRect
GetScrollPos
FillRect
FrameRect
InflateRect
InvertRect
GetDlgCtrlID
IntersectRect
SubtractRect
DrawIconEx
UpdateWindow
GetSysColor
DrawFrameControl
DrawFocusRect
SystemParametersInfoA
IsWindowVisible
GetWindowTextA
GetMenuItemRect
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetDlgItem
SetFocus
GetNextDlgTabItem
DrawTextW
GetFocus
SendMessageW
GetMenuStringA
SystemParametersInfoW
ShowScrollBar
SetScrollInfo
SetScrollPos
ShowWindow
HideCaret
ShowCaret
GetCaretPos
SetCaretPos
GetKeyState
GetScrollInfo
CallNextHookEx
GetDesktopWindow
SetWindowsHookExA
UnhookWindowsHookEx
AdjustWindowRect
GetMenuBarInfo
PeekMessageA
DispatchMessageA
GetMessageA
GetDCEx
AdjustWindowRectEx
GetSystemMenu
DrawMenuBar
ScreenToClient
TrackPopupMenu
IsIconic
gdi32
RestoreDC
SetDIBColorTable
GetDIBColorTable
CreatePalette
CreateHalftonePalette
SelectPalette
RealizePalette
GetPaletteEntries
CreateDIBSection
GetObjectW
GetDeviceCaps
IntersectClipRect
GetClipRgn
GetTextMetricsA
ExtTextOutW
CreateFontIndirectW
SetStretchBltMode
GetClipBox
StretchBlt
Rectangle
CreatePatternBrush
SetBrushOrgEx
UnrealizeObject
SelectClipRgn
GetTextExtentPoint32A
PlayEnhMetaFile
SetPixel
CreateSolidBrush
Arc
Ellipse
GetTextExtentPoint32W
SetWindowOrgEx
SaveDC
CreatePen
GetObjectA
CreateFontIndirectA
GetPixel
GetTextExtentPointW
GetTextExtentPointA
GetTextMetricsW
SetBoundsRect
ExcludeClipRect
CreateRoundRectRgn
CreateEllipticRgn
PtInRegion
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportOrgEx
ExtSelectClipRgn
PatBlt
GetBkMode
GetTextColor
GetBkColor
GetCurrentObject
SetBkMode
SetTextColor
CreateRectRgn
OffsetRgn
GetRegionData
ExtCreateRegion
BeginPath
MoveToEx
LineTo
EndPath
WidenPath
PathToRegion
GetRgnBox
CreateRectRgnIndirect
CombineRgn
CreateCompatibleDC
SelectObject
CreateBitmap
CreateCompatibleBitmap
BitBlt
SetBkColor
DeleteObject
DeleteDC
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
ShellExecuteA
comctl32
ImageList_GetIcon
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_DrawEx
UninitializeFlatSB
InitializeFlatSB
ImageList_SetBkColor
ole32
GetHGlobalFromStream
CreateStreamOnHGlobal
oleaut32
SysAllocStringLen
VariantClear
SysFreeString
SysAllocString
oleacc
AccessibleObjectFromWindow
Exports
AboutSkinCrafter
AddAdditionalThread
AddDrawImage
AddDrawText
AddSkinFromFile
ApplyAddedSkin
ApplySkin
ClearSkin
ClearWnd
DeInitDecoration
DecorateAs
DefineLanguage
DeleteAddedSkin
DeleteAdditionalThread
DoDecorate
DoNotDecorate
ExcludeThreadWindows
ExcludeWnd
GetSkinCopyRight
GetUserData
GetUserDataSize
IncludeThreadWindows
IncludeWnd
InitDecoration
InitLicenKeys
LoadSkinFromData
LoadSkinFromFile
LoadSkinFromResource
RemoveAddedSkin
RemoveDrawItem
RemoveSkin
SetAddedCustomScrollbars
SetAddedCustomSkinWnd
SetCustomScrollbars
SetCustomSkinWnd
SetDecorationMode
UpdateControl
UpdateWnd
Sections
.text Size: 368KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
skin.skf