972effbf2346e50122c779bfcb6864e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

972effbf2346e50122c779bfcb6864e7_JaffaCakes118
Size

2.1MB
MD5

972effbf2346e50122c779bfcb6864e7
SHA1

e04a88ad80cf2f36a6fdc8fe1eecee1792cb4f3d
SHA256

dcca2019f99e6811c597c18c481fac573989d4fa40255a67caee9d9576288d7e
SHA512

1322fe4979fa3035c7ab96eaee5303f257bd8856bb6925dfb3c49933c1c521d9ad81c48a5c779e43c8d144d33342cdfd9a148d34ca9289891d4d9efe4ce3eea4
SSDEEP

49152:wyO0HZ5+f+cii7GQkoWGTdMZdSRLLB5Dlaeph:w5qqGciiKJ0p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
972effbf2346e50122c779bfcb6864e7_JaffaCakes118

Files

972effbf2346e50122c779bfcb6864e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17baba570745af6cf7ccbbd51ac2b4a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyA
CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
InitializeSecurityDescriptor
RegOpenKeyExA

dinput8

DirectInput8Create

devil

ilDeleteImages
ilGetInteger
ilSaveImage
ilBindImage
ilGenImages
ilSave
ilEnable
ilTexImage
ilOriginFunc
ilConvertImage
ilSetPixels
ilCopyPixels
ilShutDown
ilInit
ilLoad
ilGetData
ilSetInteger

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteDC
SetTextColor
SetBkColor
GetTextExtentPoint32W
TextOutW
CreateFontIndirectA
SelectObject
SetBkMode
TextOutA
DeleteObject
GetStockObject
EnumFontFamiliesExA
GetTextExtentPoint32A

imm32

ImmIsIME
ImmGetOpenStatus
ImmGetIMEFileNameA
ImmNotifyIME
ImmGetCompositionStringW
ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus
ImmReleaseContext
ImmAssociateContext
ImmGetCandidateListW

kernel32

RtlUnwind
RaiseException
GetFileAttributesA
HeapFree
ResumeThread
CreateThread
GetSystemTimeAsFileTime
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
HeapAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
ExitProcess
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
WriteFile
FlushFileBuffers
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
VirtualProtect
GetExitCodeProcess
CreateProcessA
LoadLibraryA
QueryPerformanceCounter
DeleteFileA
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
GetComputerNameA
lstrlenA
lstrcmpA
GetModuleFileNameW
LoadLibraryExA
GetProcessHeap
DuplicateHandle
CreatePipe
PeekNamedPipe
lstrcpyA
HeapValidate
Sleep
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
SetEvent
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentProcess
OutputDebugStringA
ReadProcessMemory
GetLastError
TerminateThread
lstrcatA
OpenEventA
WaitForMultipleObjects
ResetEvent
GetLocalTime
GlobalAlloc
GlobalFree
CopyFileA
ReleaseSemaphore
GetSystemDirectoryA
GlobalLock
GlobalUnlock
FreeLibrary
WinExec
GetTempFileNameA
GetTempPathA
MoveFileA
ReleaseMutex
CreateMutexA
FindFirstFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindNextFileA
FindClose
SetFileAttributesA
InitializeCriticalSection
CreateEventA
GetTickCount
GetSystemInfo
GetFileSize
FreeEnvironmentStringsW

oleaut32

VariantClear
SysAllocString
VariantInit

shell32

SHGetSpecialFolderPathA

speedtreert

?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??1STextures@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??3CSpeedTreeRT@@SAXPAX@Z
??1CSpeedTreeRT@@QAE@XZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??0CSpeedTreeRT@@QAE@XZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z

user32

PostQuitMessage
GetAsyncKeyState
ScreenToClient
GetCursorPos
SystemParametersInfoA
SetWindowPos
LoadStringA
wsprintfA
UnregisterClassA
RegisterClassExA
UpdateWindow
GetKeyboardLayout
GetKeyboardLayoutNameA
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
CreateWindowExA
SetWindowLongA
LoadCursorA
LoadIconA
RegisterClassA
SetRect
GetMenu
AdjustWindowRectEx
MoveWindow
GetClientRect
GetWindowRect
IsWindow
DestroyWindow
InvalidateRect
GetWindowLongA
DefWindowProcA
CharPrevExA
CharNextExA
GetDC
ReleaseDC
MessageBoxA
GetSystemMetrics
GetCapture
ShowWindow
ChangeDisplaySettingsA
ReleaseCapture
SetCapture
ClientToScreen
SetCursorPos
LoadImageA
DestroyCursor
SetCursor
ShowCursor
GetKeyState
FindWindowA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod
timeGetTime

ws2_32

gethostbyname
bind
closesocket
recvfrom
sendto
WSACleanup
WSAStartup
WSASend
__WSAFDIsSet
WSAGetLastError
socket
ioctlsocket
htons
inet_addr
connect
recv
send
select

d3d8

Direct3DCreate8

granny2

_GrannySetLogCallback@4
_GrannyGetMaterialTextureByType@8
_GrannyNewWorldPose@4
_GrannyGetSourceSkeleton@4
_GrannyFreeWorldPose@4
_GrannyInstantiateModel@4
_GrannyFreeModelInstance@4
_GrannyFindBoneByName@12
_GrannyGetWorldPose4x4@8
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannySetModelClock@8
_GrannyUpdateModelMatrix@16
_GrannyFreeLocalPose@4
_GrannyNewLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeCompletedModelControls@4
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyGetFileInfo@4
_GrannyReadEntireFileFromMemory@8
_GrannySetControlEaseInCurve@28
_GrannyFreeControlOnceUnused@4
_GrannySetControlLoopCount@8
_GrannySetControlSpeed@8
_GrannyPlayControlledAnimation@12
_GrannyFreeControlIfComplete@4
_GrannyCompleteControlAt@8
_GrannySetControlEaseOut@8
_GrannySetControlEaseOutCurve@28
_GrannySetControlEaseIn@8
_GrannySetControlRawLocalClock@8
_GrannyGetControlLocalDuration@4
_GrannyGetControlRawLocalClock@4
_GrannyGetControlLoopCount@4
_GrannyGetControlSpeed@4
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
GrannyPNT332VertexType
_GrannyCopyMeshIndices@12
_GrannyCopyMeshVertices@12
_GrannyDeformVertices@24
_GrannyGetMeshVertices@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshTriangleGroupCount@4
_GrannyFreeMeshDeformer@4
_GrannyNewMeshDeformer@12
_GrannyGetMeshVertexType@4
_GrannyControlIsComplete@4

imagehlp

StackWalk
GetTimestampForLoadedLibrary
EnumerateLoadedModules

mss32

_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_set_3D_orientation@28
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_open_3D_listener@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_auto_update_3D_position@8
_AIL_last_error@0
_AIL_set_3D_sample_file@8
_AIL_3D_sample_status@4
_AIL_start_3D_sample@4
_AIL_file_type@8
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_3D_sample_volume@4
_AIL_set_3D_sample_volume@8
_AIL_close_stream@4
_AIL_stream_status@4
_AIL_start_stream@4
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_stream_volume_levels@12
_AIL_set_stream_volume_levels@12
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_sample_status@4
_AIL_start_sample@4
_AIL_set_sample_loop_count@8
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_sample_volume_pan@12
_AIL_mem_free_lock@4
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_3D_sample_loop_count@8
_AIL_set_sample_volume_pan@12
_AIL_decompress_ADPCM@12

ole32

OleInitialize
CoGetClassObject
OleSetContainedObject
OleUninitialize

python22

Py_SetProgramName
PyImport_AddModule
PyModule_GetDict
PyImport_ImportModule
PyDict_SetItemString
PyRun_String
Py_Initialize
PyErr_Fetch
Py_Finalize
PyObject_GetAttr
PyObject_GetAttrString
PyErr_Clear
PyCallable_Check
PyObject_CallObject
PyErr_Print
PyString_Type
PyString_AsString
PyFloat_AsDouble
_Py_NoneStruct
PyErr_BadArgument
PyList_New
PyString_FromString
PyList_Append
PyTuple_Type
PyInt_AsLong
PyExc_RuntimeError
PyErr_SetString
PyString_InternFromString
PyNumber_Check
PyTuple_GetItem
PyDict_Type
PyType_IsSubtype
PyDict_GetItemString
PyLong_AsLong
PyTuple_Size
Py_InitModule4
PyModule_AddIntConstant
Py_BuildValue

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 127KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pseudo
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17baba570745af6cf7ccbbd51ac2b4a5

Headers

File Characteristics

Imports

advapi32

dinput8

devil

gdi32

imm32

kernel32

oleaut32

shell32

speedtreert

user32

version

winmm

ws2_32

d3d8

granny2

imagehlp

mss32

ole32

python22

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 229KB - Virtual size: 232KB

Size: 127KB - Virtual size: 392KB

Size: 2KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 40KB

.data Size: 77KB - Virtual size: 80KB

.idata Size: 13KB - Virtual size: 16KB

.pseudo Size: 5KB - Virtual size: 8KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 229KB - Virtual size: 232KB

.rsrc
Size: 39KB - Virtual size: 40KB

.data
Size: 77KB - Virtual size: 80KB

.idata
Size: 13KB - Virtual size: 16KB

.pseudo
Size: 5KB - Virtual size: 8KB