b84ea6312029541ea0291513d2a3779c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b84ea6312029541ea0291513d2a3779c_JaffaCakes118
Size

800KB
MD5

b84ea6312029541ea0291513d2a3779c
SHA1

c11918e5648a182049b39c5e9e60b01ac9c86f3b
SHA256

5b5f215c87a3e41c7c67a6b3545e7444164cd8385f852b01b9792fdef3ffd153
SHA512

2401c73e310ad7e17243c8c92b02c80b8faeb2226c21d3ca0bae0d1326c0c5d2e2c4f4a45a2bf16e7ab88e06dc478cbe9c1cd40246aee508945ab9e4fd727a4b
SSDEEP

12288:IIV6moOmxUdd0SSxXOpb2ecgg9bWgUCoev6ptp8HOK6sZOh4YSSOlxxu/t:PsxUC+pbNngAXzptp+OK6RSwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PEiD.exe
unpack001/PEiD_ch.exe
unpack001/plugins/AddSig.DLL
unpack001/plugins/advanced_scan.dll
unpack001/tools/PEiD Signature Organizer/PEIDSO.exe
unpack001/tools/PEid_db_Manager_1.01/PEid db Manager.exe

Files

b84ea6312029541ea0291513d2a3779c_JaffaCakes118
.rar
PEiD.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 153KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PEiD_ch.exe
.exe windows:4 windows x86 arch:x86

8a2595364a5dfe61a7fd611ddc14cd57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
EqualSid

comctl32

CreateToolbarEx
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
InitCommonControls

gdi32

GetTextMetricsA
CreateCompatibleDC
SelectObject
CreateSolidBrush
TextOutA
BitBlt
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectA
DeleteObject
CreateCompatibleBitmap
DeleteDC

kernel32

Sleep
GlobalLock
lstrcpy
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
CompareStringA
lstrlen
GlobalUnlock
WritePrivateProfileStructA
GetModuleHandleA
lstrcat
lstrcpyn
GetPrivateProfileStructA
ReadFile
SetFilePointer
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateThread
VirtualProtect
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
LockResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
ExitProcess
VirtualQuery
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
HeapAlloc
HeapReAlloc
HeapFree
GetVersionExA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
FindFirstFileA
FindNextFileA
GetTickCount
FindClose
GlobalAlloc
ReadProcessMemory
GetTempPathA
GlobalFree
MulDiv
GetModuleFileNameA
GetCurrentThread
GetLastError
GetCurrentProcess
OpenProcess
TerminateProcess
WaitForSingleObject
TerminateThread
GetFileAttributesA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
WriteFile
GetSystemInfo

shell32

Shell_NotifyIcon
DragFinish
DragQueryFile
ShellExecuteA
DragAcceptFiles
SHBrowseForFolder
SHGetPathFromIDList
SHGetFileInfo

user32

GetClientRect
ScreenToClient
LoadBitmapA
LoadAcceleratorsA
GetMessageA
TranslateAccelerator
wsprintfA
DispatchMessageA
DefWindowProcA
CheckRadioButton
GetScrollInfo
IsClipboardFormatAvailable
GetClipboardData
GetWindowTextLengthA
CreateWindowExA
GetSystemMetrics
RegisterClassA
GetParent
GetDlgCtrlID
GetClassInfoA
EnumClipboardFormats
TranslateMessage
CheckDlgButton
SetFocus
GetScrollPos
SetScrollPos
SetScrollRange
GetClassLongA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
RegisterClipboardFormatA
AppendMenuA
GetAsyncKeyState
IsZoomed
IsIconic
PostQuitMessage
IsWindowEnabled
MessageBoxIndirectA
wvsprintfA
InvalidateRect
GetDC
ReleaseDC
BeginPaint
FillRect
EndPaint
UpdateWindow
DestroyMenu
FindWindowA
SetForegroundWindow
SetWindowPos
TrackPopupMenu
PostMessageA
SetWindowLongA
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DialogBoxParamA
GetCursorPos
TrackPopupMenuEx
LoadIconA
CreatePopupMenu
InsertMenuA
GetDlgItemTextA
IsDlgButtonChecked
CallWindowProcA
MessageBeep
GetSysColorBrush
SetDlgItemTextA
LoadCursorA
SetClassLongA
EndDialog
EnableWindow
SetWindowTextA
SendDlgItemMessageA
SendMessageA
MessageBoxA
MoveWindow
GetDlgItem
GetWindowRect
CreateCaret

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 432KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
external.txt
plugins/AddSig.DLL
.dll windows:4 windows x86 arch:x86

02328e7ddc28f9f122f3c1001b2a5e47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemAlloc

comctl32

ImageList_SetIconSize

comdlg32

GetOpenFileNameA

Exports

Exports

DoMyJob
GetPTPluginName
LoadDll
StartPTPlugin

Sections

CODE
Size: 209KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
plugins/AddSig.HTML
.html
plugins/advanced_scan.dll
.dll windows:4 windows x86 arch:x86

669ae3ec963ee17510408453b86e34a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MoveWindow
SendMessageA
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxParamA
wsprintfA

kernel32

FindClose
GetPrivateProfileSectionNamesA
lstrlenA
lstrcpyA
lstrcatA
CloseHandle
CompareStringA
CreateFileA
CreateFileMappingA
CreateThread
GetFileAttributesA
GetFileSize
GetModuleFileNameA
FindFirstFileA
MapViewOfFile
RtlMoveMemory
UnmapViewOfFile
VirtualAlloc
VirtualFree

shell32

DragFinish
DragQueryFileA

gdi32

CreateFontIndirectA

Exports

Exports

DoMyJob
LoadDll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/kanal.htm
.html
pluginsdk/defs.h
pluginsdk/null.c
readme.txt
tools/PEiD Signature Organizer/PEIDSO.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 140KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
tools/PEiD Signature Organizer/userdb.txt
tools/PEid_db_Manager_1.01/PEid db Manager.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 340KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
tools/PEid_db_Manager_1.01/userdb.txt
tools/PEid_db_Manager_1.01/userdb2.txt
tools/PEid_db_Manager_1.01/userdbopt.txt
userdb.txt

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 153KB - Virtual size: 480KB

.rsrc Size: 5KB - Virtual size: 8KB

8a2595364a5dfe61a7fd611ddc14cd57

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

shell32

user32

comdlg32

Sections

.text Size: 432KB - Virtual size: 496KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 41KB - Virtual size: 44KB

02328e7ddc28f9f122f3c1001b2a5e47

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

comdlg32

Exports

Exports

Sections

CODE Size: 209KB - Virtual size: 600KB

.rsrc Size: 9KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 512B

669ae3ec963ee17510408453b86e34a9

Headers

File Characteristics

Imports

user32

kernel32

shell32

gdi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 1006B

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 312B

.reloc Size: 512B - Virtual size: 236B

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 140KB - Virtual size: 4B

���� Size: - Virtual size:

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 340KB - Virtual size: 4B

���� Size: - Virtual size:

.text
Size: 153KB - Virtual size: 480KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 432KB - Virtual size: 496KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 41KB - Virtual size: 44KB

CODE
Size: 209KB - Virtual size: 600KB

.rsrc
Size: 9KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 1006B

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 312B

.reloc
Size: 512B - Virtual size: 236B

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size: