Static task: static1
Behavioral task: behavioral1
Sample: WorldEdit.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: WorldEdit.exe
Resource: win10v2004-20240802-en
General
Target: 8972c7a4cfe9e53dc3748d7a45e078af_JaffaCakes118
Size: 1.5MB
MD5: 8972c7a4cfe9e53dc3748d7a45e078af
SHA1: e76d2a605978e582482089cd41f425a45be13c77
SHA256: 460e3dbd4e206293d3328f3b6b8d99a70046f247c600f752492f3cac23429112
SHA512: 0e3982351be08b018a90d7f351412f7b7cc764de0ffbfccbbc76a4de371b462a41d684f68472007908b662a98fa8d69f4b2483fb76f35c4c55cabc3c2ddc5cda
SSDEEP: 24576:bkaSGo6SpHLc6u/JE5OSPqhonuPgbB8J9lYCgLOGD9X8tfoEbv3UeducWjeIaJHm:bPVTSZIp/gXfnu4F8J9lYCgalZ7z3Ua+
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/WorldEdit.exe
Files
8972c7a4cfe9e53dc3748d7a45e078af_JaffaCakes118.zip
WorldEdit.exe.exe windows:4 windows x86 arch:x86
68af2cf0d86d2b030432a0e043bf62c6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReleaseSemaphore
HeapLock
GetCurrentDirectoryA
ReadFile
GetCommandLineA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
ResumeThread
SuspendThread
CreateIoCompletionPort
QueryPerformanceFrequency
GetQueuedCompletionStatus
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
TerminateThread
PostQueuedCompletionStatus
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
VirtualUnlock
VirtualFree
SetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
OpenEventA
SetEvent
FlushFileBuffers
GetStartupInfoA
OutputDebugStringA
InterlockedCompareExchange
GetLogicalDriveStringsA
GetDriveTypeA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
ReleaseMutex
OpenMutexA
CreateMutexA
GetFileAttributesA
CreateSemaphoreA
WaitForMultipleObjects
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
ResetEvent
GetCurrentThreadId
GetTickCount
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageA
GetLocaleInfoA
GetACP
GetProcessHeaps
HeapWalk
CreateProcessA
HeapUnlock
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
SetThreadPriority
GetCurrentThread
GetThreadPriority
GetLastError
CreateEventA
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
Sleep
SetLastError
SetFileTime
SetFilePointer
CreateFileA
WriteFile
GetFileSize
GetFileTime
DeleteFileA
SetEndOfFile
FreeLibrary
VirtualAlloc
VirtualLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FileTimeToSystemTime
GetSystemInfo
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceA
FreeEnvironmentStringsA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
ijl15
ord4
ord3
ord5
ord2
storm
ord428
ord426
ord268
ord421
ord424
ord291
ord288
ord579
ord422
ord425
ord267
ord406
ord504
ord524
ord534
ord265
ord537
ord525
ord574
ord463
ord462
ord581
ord563
ord575
ord476
ord580
ord469
ord472
ord405
ord280
ord507
ord590
ord509
ord279
ord506
ord551
ord508
ord465
ord503
ord517
ord501
ord423
ord263
ord266
ord252
ord578
ord461
ord401
ord403
ord269
ord253
ord571
ord293
ord271
ord479
ord572
ord474
ord289
ord470
ord552
ord541
ord544
ord548
ord542
ord577
ord281
ord302
ord545
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
isdigit
sprintf
_HUGE
iswspace
ceil
floor
isupper
strstr
srand
sscanf
wcslen
atof
printf
_CIacos
malloc
rand
_CIpow
strtol
fprintf
vfprintf
fputc
_iob
exit
_vsnprintf
fputs
putc
qsort
_purecall
_beginthreadex
_ftol
_clearfp
_control87
fopen
strrchr
_CIfmod
atoi
strncpy
_except_handler3
toupper
_stricmp
strchr
strcspn
strspn
memmove
__CxxFrameHandler
?raw_name@type_info@@QBEPBDXZ
fwrite
fclose
_ismbcspace
strtoul
setvbuf
ctime
time
strftime
localtime
_CIasin
_pctype
_isctype
__mb_cur_max
strncmp
ftell
fseek
fread
realloc
free
user32
MapWindowPoints
UnregisterClassA
RegisterClassExA
ChangeDisplaySettingsA
EnumDisplayDevicesA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
ClipCursor
GetClientRect
ScreenToClient
ClientToScreen
SetCursorPos
TranslateMessage
DispatchMessageA
RegisterClassA
GetDesktopWindow
SetForegroundWindow
GetDCEx
BeginPaint
EndPaint
TranslateAcceleratorA
GetPropA
MessageBoxA
MessageBeep
SystemParametersInfoA
WindowFromPoint
SetWindowPlacement
GetWindowPlacement
GetForegroundWindow
SetActiveWindow
LoadImageA
SetClassLongA
DestroyIcon
ShowCursor
GetScrollInfo
SetScrollPos
SetScrollInfo
FillRect
DrawTextA
ReleaseCapture
SetCapture
LoadCursorA
SetCursor
DefWindowProcA
PostMessageA
SendMessageA
GetActiveWindow
DestroyWindow
UpdateWindow
GetKeyState
CreateMenu
OpenClipboard
GetClipboardData
CloseClipboard
GetClassLongA
CallWindowProcA
GetSysColor
GetSysColorBrush
SetWindowLongA
GetDC
ReleaseDC
GetWindowTextLengthA
GetWindowTextA
TrackPopupMenu
SetWindowTextA
GetWindowInfo
SetWindowPos
InvalidateRect
IsWindowVisible
ShowWindow
SetFocus
GetWindow
GetCursorPos
GetWindowRect
PeekMessageA
GetMessageA
IsDialogMessageA
GetFocus
SetParent
CreateWindowExA
GetParent
GetWindowLongA
IsWindowEnabled
EnableWindow
RemovePropA
KillTimer
SetTimer
GetMenu
SetPropA
CreateDialogIndirectParamA
DrawMenuBar
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
GetMenuItemInfoA
SetMenuItemInfoA
InsertMenuItemA
GetMenuItemCount
DeleteMenu
DestroyMenu
CreatePopupMenu
gdi32
CreateDIBitmap
CreateRectRgnIndirect
SetBkMode
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetDeviceCaps
SetTextAlign
TextOutW
CreateFontA
GetDeviceGammaRamp
SetDeviceGammaRamp
CombineRgn
GetStockObject
FillRgn
CreatePen
GetBkColor
CreateSolidBrush
MoveToEx
LineTo
SetTextColor
SetBkColor
DeleteObject
SelectObject
GetTextExtentPoint32A
comctl32
ImageList_DragLeave
ImageList_EndDrag
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragEnter
ImageList_GetImageCount
ImageList_Add
ImageList_Replace
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
advapi32
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA
DragAcceptFiles
FindExecutableA
ShellExecuteA
ole32
CoUninitialize
CoInitialize
CoCreateInstance
opengl32
glFogi
glDrawBuffer
glAlphaFunc
glLightfv
glEnable
glDepthFunc
glBlendFunc
glEnableClientState
glTexEnvi
glBindTexture
glDisableClientState
glDepthMask
glColorMaterial
glTexGeni
glLightModelfv
glMaterialfv
glDisable
glLightf
wglMakeCurrent
glPolygonOffset
glFogf
glFogfv
glGetIntegerv
glTexCoordPointer
glFinish
wglSwapLayerBuffers
glReadBuffer
glReadPixels
glClearColor
glClear
glViewport
glDepthRange
glScissor
glMatrixMode
glLoadMatrixf
glDrawElements
glGetString
wglGetProcAddress
glColorPointer
glVertexPointer
glNormalPointer
glNormal3fv
glGenTextures
glTexParameteri
glPixelStorei
glTexImage2D
glTexSubImage2D
glDeleteTextures
wglDeleteContext
wglCreateContext
wsock32
send
select
closesocket
WSAGetLastError
socket
setsockopt
listen
getsockname
accept
htons
getpeername
bind
inet_ntoa
WSAStartup
WSACleanup
connect
gethostbyname
sendto
recvfrom
recv
ioctlsocket
ntohs
inet_addr
ntohl
gethostname
comdlg32
GetOpenFileNameA
GetSaveFileNameA
mss32
_AIL_end_3D_sample@4
_AIL_allocate_sequence_handle@4
_AIL_allocate_sample_handle@4
_AIL_DLS_unload@8
_AIL_sample_ms_position@12
_AIL_WAV_info@8
_AIL_set_named_sample_file@20
_AIL_init_sample@4
_AIL_mem_free_lock@4
_AIL_sequence_ms_position@12
_AIL_init_sequence@12
_AIL_MIDI_to_XMI@20
_AIL_file_type@8
_AIL_set_file_callbacks@16
_AIL_open_digital_driver@16
_AIL_close_digital_driver@4
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_mem_use_free@4
_AIL_mem_use_malloc@4
_AIL_DLS_open@28
_AIL_DLS_close@8
_AIL_last_error@0
_AIL_open_XMIDI_driver@4
_AIL_close_XMIDI_driver@4
_AIL_enumerate_3D_providers@12
_AIL_set_3D_distance_factor@8
_AIL_open_3D_listener@4
_AIL_open_3D_provider@4
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_shutdown@0
_AIL_set_XMIDI_master_volume@8
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_set_3D_room_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_speaker_type@8
_AIL_digital_CPU_percent@4
_AIL_find_DLS@24
_AIL_extract_DLS@28
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_3D_sample_status@4
_AIL_sample_status@4
_AIL_sequence_status@4
_AIL_end_sequence@4
_AIL_register_sequence_callback@8
_AIL_set_sequence_user_data@12
_AIL_set_stream_user_data@12
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_user_data@12
_AIL_end_sample@4
_AIL_register_EOS_callback@8
_AIL_set_sample_user_data@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_stream_user_data@8
_AIL_stop_sequence@4
_AIL_set_sequence_volume@12
_AIL_pause_stream@8
_AIL_set_stream_volume@8
_AIL_stop_3D_sample@4
_AIL_set_3D_sample_volume@8
_AIL_stop_sample@4
_AIL_set_sample_volume@8
_AIL_open_stream@12
_AIL_resume_3D_sample@4
_AIL_set_3D_sample_playback_rate@8
_AIL_3D_sample_playback_rate@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_info@8
_AIL_3D_user_data@8
_AIL_start_sample@4
_AIL_resume_sample@4
_AIL_set_sample_playback_rate@8
_AIL_sample_playback_rate@4
_AIL_set_sample_loop_count@8
_AIL_sample_user_data@8
_AIL_register_stream_callback@8
_AIL_set_stream_pan@8
_AIL_set_stream_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_set_stream_loop_count@8
_AIL_sample_position@4
_AIL_start_sequence@4
_AIL_resume_sequence@4
_AIL_set_sequence_loop_count@8
_AIL_sequence_user_data@8
_AIL_set_3D_velocity@20
_AIL_set_3D_sample_preference@12
_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_cone@16
_AIL_set_3D_sample_effects_level@8
_AIL_set_sample_pan@8
_AIL_set_stream_ms_position@8
_AIL_stream_status@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_release_sequence_handle@4
_AIL_set_3D_sample_occlusion@8
_AIL_close_stream@4
_AIL_DLS_compact@4
_AIL_DLS_load_memory@12
_AIL_release_sample_handle@4
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 228KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cms_t Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cms_d Size: 196KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ