b71048c3b805e1d09491a08614898d8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b71048c3b805e1d09491a08614898d8a_JaffaCakes118
Size

337KB
MD5

b71048c3b805e1d09491a08614898d8a
SHA1

f86919b547ebea8c1e6334af718f53967c5dd53c
SHA256

4a110b7e9d76b4e5ef74ee527238d0a0518c050b11d9dac61ae864d83a4f0300
SHA512

4f881a7669e7c35738a0e7c4ec6ca5e5532a03adacae5a3f4e8a1070e109f740bb6f7fdb6d47d9b8d5600e28596c5da6a13d95fad93bf2c6f3b0e29087bf4d50
SSDEEP

6144:3noVhgy1maepsra6DLTTBucYmPcp99FqivppPP3qGBQPSchKx2mZSQPS5JaQ:Ycy9trh1r4VcivpJPaGBtchKrsESTaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001//upserver.exe
unpack001/·/data/gjlock.exe
unpack001/·/menu.exe
unpack001/·/up.exe
unpack001/ͻ/start.exe

Files

b71048c3b805e1d09491a08614898d8a_JaffaCakes118
.zip
˵_Readme.html
.html
/up.ini
/upserver.exe
.exe windows:4 windows x86 arch:x86

bcae353acae43a37e68a7fd83d063b5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
CopyFileA
WritePrivateProfileStringA
WriteFile
FindNextFileA
FindFirstFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetLocaleInfoW
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
GetPrivateProfileIntA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FileTimeToSystemTime
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
CreateFileA
CloseHandle
ReadFile
GetFileTime
IsBadReadPtr
FileTimeToLocalFileTime
GetProcAddress
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
SetEnvironmentVariableA
LCMapStringA
GetCurrentProcess
TerminateProcess
HeapReAlloc
GetFileSize
GetPrivateProfileStringA
SetCurrentDirectoryA
GetFileType
GetLocalTime
ExitProcess
GetVersion
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetModuleHandleA

user32

GetWindowLongA
CreateWindowExA
SendMessageA
SetWindowLongA
SendDlgItemMessageA
wsprintfA
SetWindowTextA
EnableWindow
MessageBoxA
GetDlgItem
DialogBoxParamA
LoadIconA
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
GetIconInfo
ShowWindow
GetWindowTextA
EndDialog
LoadMenuA
GetCursorPos
GetSubMenu
TrackPopupMenu
GetSystemMenu
FindWindowA

gdi32

GetDIBits
DeleteDC
GetObjectA
DeleteObject
CreateCompatibleDC

comdlg32

GetOpenFileNameA

shell32

DragQueryFileA
ShellExecuteA
Shell_NotifyIconA
SHGetPathFromIDListA
SHBrowseForFolderA
ExtractIconA

ws2_32

bind
WSAStartup
WSACleanup
listen
WSAAsyncSelect
socket
htons
recv
accept
closesocket

comctl32

ImageList_ReplaceIcon
ord6
ord17
ImageList_Create

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
·/data/gjlock.exe
.exe windows:4 windows x86 arch:x86

62655bcc5b888d387d18232b289db153

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
GetDlgItemTextA
MessageBoxA
GetDlgItem
ShowWindow
SetDlgItemTextA
SetWindowTextA
LoadIconA
SendMessageA
GetSystemMetrics
SetWindowPos
DialogBoxParamA

advapi32

RegSetValueExA
RegCreateKeyExA

kernel32

LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetStringTypeA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetStringTypeW
GetProcAddress
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
·/data/menutype.ini
·/data/other.ini
·/data/pctype.ini
·/data/reser.ini
·/menu.exe
.exe windows:4 windows x86 arch:x86

580b40a16e823ab3dfb07301efb54890

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
ReadFile
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetProcAddress
GetVersionExA
GetOEMCP
LoadLibraryA
CreateFileA
SetEndOfFile
GetLocaleInfoW
GetComputerNameA
GetDiskFreeSpaceA
WinExec
Sleep
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetCurrentDirectoryA
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
HeapSize
GetLastError
CloseHandle
WriteFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
SetEnvironmentVariableA

user32

DialogBoxParamA
LoadIconA
wsprintfA
TrackPopupMenu
GetSubMenu
GetCursorPos
SendMessageA
CreateWindowExA
GetDlgItemTextA
GetDlgItem
LoadMenuA
SetDlgItemTextA
MessageBoxA
EndDialog
GetSystemMenu

gdi32

SetBkMode
CreateFontA
SelectObject
CreateSolidBrush

advapi32

OpenSCManagerA
QueryServiceStatus
ControlService
OpenServiceA
StartServiceA

shell32

ExtractIconA
ShellExecuteA

ws2_32

WSACleanup
closesocket
send
gethostname
connect
inet_addr
htons
socket
WSAStartup

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord6

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
·/up.exe
.exe windows:4 windows x86 arch:x86

9e943d6cc3941b1e7fc0148d7e478f7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
CreateFileA
Sleep
CloseHandle
GetPrivateProfileStringA
ResumeThread
CreateThread
SetThreadPriority
GetCurrentThread
SetCurrentDirectoryA
FindNextFileA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
ReadFile
SetFileTime
SetEndOfFile
SetFilePointer
GetFileSize
GetLocaleInfoW
LoadLibraryA
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetProcAddress
GetVersionExA
CreateDirectoryA
FindFirstFileA
FindClose
GetDiskFreeSpaceA
CopyFileA
WriteFile
GetUserDefaultLCID
EnumSystemLocalesA
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
HeapSize
GetLastError
FlushFileBuffers
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsValidLocale
IsValidCodePage
GetLocaleInfoA
SetEnvironmentVariableA

user32

KillTimer
SetWindowTextA
SendMessageA
GetDlgItem
SendDlgItemMessageA
MessageBoxA
wsprintfA
SetTimer
EndDialog
LoadIconA
DialogBoxParamA
SetDlgItemTextA

advapi32

OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
OpenSCManagerA

shell32

ShellExecuteA

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ͻ/start.exe
.exe windows:4 windows x86 arch:x86

b5f8df03f6bbbb51f9674c3621835680

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
SetFileTime
WriteFile
ReadFile
SetFileAttributesA
CompareFileTime
GetFileTime
CloseHandle
CreateDirectoryA
CreateFileA
FindFirstFileA
SetCurrentDirectoryA
GetPrivateProfileStringA
CreateThread
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeW

user32

EndDialog
SetTimer
MessageBoxA
DialogBoxParamA
SetDlgItemTextA
LoadIconA
KillTimer

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ͻ/start.ini

Sharing

General

Malware Config

Signatures

Files

bcae353acae43a37e68a7fd83d063b5a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ws2_32

comctl32

mpr

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 12KB - Virtual size: 581KB

.rsrc Size: 32KB - Virtual size: 31KB

62655bcc5b888d387d18232b289db153

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 15KB

580b40a16e823ab3dfb07301efb54890

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

comctl32

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 20KB - Virtual size: 18KB

9e943d6cc3941b1e7fc0148d7e478f7e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 1.6MB

.rsrc Size: 16KB - Virtual size: 15KB

b5f8df03f6bbbb51f9674c3621835680

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 12KB - Virtual size: 581KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 1.6MB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 25KB