b07a4b43b160fad812501e920c24307b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b07a4b43b160fad812501e920c24307b_JaffaCakes118
Size

411KB
MD5

b07a4b43b160fad812501e920c24307b
SHA1

8cbf1ce70ea3ee4c642d858a43bb4b695a717b55
SHA256

a62eb51759bd2d70baa27bb379167f42662b10157d98ea30331909334b117c50
SHA512

53575d00fd2b526550e6c7bb79b6c9990719cb900be8c1217e75e3eee8677fb59975a7727400057446eb0bd11261bf0349f92f6a6ddfc215ecce9e1328f62c3e
SSDEEP

12288:Q6hOLHiEDXRM8huG4wqlFsecfpCu5peWio+w9/Z3dHoSPbXjS:QqOLCSBzn49uC5uzHlq

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Syslogger/Dissembler Lib.dll
unpack001/Syslogger/Syslogger.exe
unpack001/Syslogger/vsflex8.ocx

Files

b07a4b43b160fad812501e920c24307b_JaffaCakes118
.rar
Syslogger/Dissembler Lib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Syslogger/SYS1.png
.png
Syslogger/SYS2.png
.png
Syslogger/Syslogger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Syslogger/index.php
Syslogger/style.css
Syslogger/vsflex8.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

7f6312c60cfeac348f468969733ce5d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
WriteFile
TerminateProcess
ExitProcess
ReadFile
SetEndOfFile
SetStdHandle
GetStartupInfoA
GetStdHandle
TlsFree
SetFilePointer
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
DeleteFileA
MoveFileA
HeapFree
HeapAlloc
CreateFileA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CloseHandle
SetLastError
TlsGetValue
HeapSize
GetTimeZoneInformation
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
RaiseException
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
LocalAlloc
InterlockedExchange
GetSystemTime
GetCurrencyFormatA
CompareStringA
GetLocaleInfoA
GetVersion
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
DisableThreadLibraryCalls
GetTempPathA
GetTempFileNameA
lstrcatA
MulDiv
GlobalFree
GetVersionExA
Sleep
lstrcpynA
GlobalUnlock
GetTickCount
GetProfileIntA
lstrcpyA
lstrcmpA
FreeLibrary
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
InterlockedIncrement
MultiByteToWideChar
GlobalSize
lstrlenW
lstrlenA
IsDBCSLeadByte
WideCharToMultiByte
GlobalAlloc
GlobalLock
SetHandleCount

user32

GetDC
wsprintfA
IsWindowEnabled
GetFocus
GetWindowRect
SendMessageA
InvalidateRect
GetParent
SetRect
GetClientRect
ReleaseDC
SetScrollInfo
GetSystemMetrics
GetScrollInfo
IsWindow
ScrollWindow
OffsetRect
GetKeyState
InflateRect
DrawTextA
MessageBoxA
LoadStringA
CharNextA
GetSysColor
GetSysColorBrush
LoadCursorA
SetClassLongA
GetClassLongA
UnionRect
RegisterClassExA
GetClassInfoExA
SetWindowRgn
EqualRect
EndPaint
BeginPaint
GetWindow
WindowFromDC
PeekMessageA
GetAsyncKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsCharAlphaA
GetDlgCtrlID
EnumChildWindows
EndDialog
DialogBoxParamA
GetDesktopWindow
GetDlgItem
LoadIconA
LoadBitmapA
RegisterWindowMessageA
DestroyCursor
DestroyIcon
SetWindowPos
CreateWindowExA
CallWindowProcA
DefWindowProcA
DrawFocusRect
FrameRect
DrawFrameControl
IntersectRect
DrawIcon
IsChild
GetScrollRange
SystemParametersInfoA
DrawEdge
GetCapture
KillTimer
SetTimer
UpdateWindow
FillRect
SetCursor
SetCapture
InvertRect
ReleaseCapture
GetWindowTextA
DestroyWindow
HideCaret
EnableWindow
MessageBeep
SetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
GetWindowTextLengthA
ShowWindow
SetFocus
IsWindowVisible
MoveWindow
GetCursorPos
ScreenToClient
PtInRect

gdi32

GetObjectType
RectVisible
Polygon
LineTo
ExtTextOutA
ExcludeClipRect
SetStretchBltMode
StretchBlt
GetDIBits
StretchDIBits
CreateCompatibleDC
CreateBitmap
DeleteDC
GetStockObject
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
CreateCompatibleBitmap
CloseMetaFile
DeleteMetaFile
GetDeviceCaps
GetObjectA
SelectObject
DeleteObject
CreatePen
CreateSolidBrush
CreateDIBitmap
CopyEnhMetaFileA
CopyMetaFileA
ResetDCA
CreateFontIndirectA
CreatePatternBrush
CreateRectRgnIndirect
SetViewportOrgEx
LPtoDP
CreateDCA
GetClipBox
SelectClipRgn
BitBlt
GetTextExtentPoint32A
CreateFontA
CloseEnhMetaFile
CreateEnhMetaFileA
GetTextColor
GetTextMetricsA
GetCurrentPositionEx
SetTextAlign
SetViewportExtEx
DPtoLP
SetMapMode
Rectangle
AbortDoc
EndDoc
EndPage
TextOutA
StartPage
RestoreDC
MoveToEx
StartDocA

comdlg32

PrintDlgA

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

DragQueryFileA
ShellExecuteA

ole32

CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
CLSIDFromString
CreateOleAdviseHolder
StringFromCLSID
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
OleSaveToStream
WriteClassStm
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
RevokeDragDrop
RegisterDragDrop
DoDragDrop
ProgIDFromCLSID
CoTaskMemFree
ReleaseStgMedium
OleDuplicateData

oleaut32

OleLoadPicturePath
OleLoadPicture
VariantCopyInd
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
SafeArrayDestroy
CreateErrorInfo
SetErrorInfo
OleCreateFontIndirect
OleTranslateColor
SafeArrayPutElement
SafeArrayGetElement
LoadRegTypeLi
SysAllocString
VariantChangeType
VariantCopy
SysAllocStringLen
SysFreeString
SysStringLen
OleCreatePictureIndirect
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

comctl32

ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw
ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 23KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 55KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 18KB - Virtual size: 17KB

7f6312c60cfeac348f468969733ce5d7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 341KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 28KB - Virtual size: 159KB

.rsrc Size: 132KB - Virtual size: 130KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 344KB - Virtual size: 341KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 28KB - Virtual size: 159KB

.rsrc
Size: 132KB - Virtual size: 130KB

.reloc
Size: 24KB - Virtual size: 23KB