ba6ec65999f2f1498dc940ed815a616b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba6ec65999f2f1498dc940ed815a616b_JaffaCakes118
Size

612KB
MD5

ba6ec65999f2f1498dc940ed815a616b
SHA1

53c3ff1de35d20427440cd6e9b5f7645e9cad7b5
SHA256

41dc9ca4f624ec68397d5c014227f085e5ef7bfc4345f8ba75d8451536c14015
SHA512

22845b69d730b9b9703b6305377489bae07d679febb671070a098a903e115073695065e33e1a36dd50b22e7fae226fa2c64cb35386f5a67d0ed18322220928a0
SSDEEP

12288:a/Pi6giGF6HNy8+iCJ6B33GyaK0AbJE9HHuwMuy8YEQk7GRH1w:96O6tyNiC6B33Dal4E9HOA4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Defender's Revenge v1/Defender's Revenge v1/Defender's Revenge.exe
unpack001/Defender's Revenge v1/Defender's Revenge v1/YMSG12ENCRYPT.dll
unpack001/Defender's Revenge v1/Defender's Revenge v1/actskin4.ocx

Files

ba6ec65999f2f1498dc940ed815a616b_JaffaCakes118
.rar
Defender's Revenge v1/Defender's Revenge v1/0.jpg
.jpg
Defender's Revenge v1/Defender's Revenge v1/Bot List.txt
Defender's Revenge v1/Defender's Revenge v1/Defender's Revenge.exe
.exe windows:4 windows x86 arch:x86

90524ffebc0a6a1ab25f1a33e2617520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaVarFix
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaBoolVar
__vbaVarTstLt
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaInputFile
ord712
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
__vbaI2Str
ord608
ord716
__vbaFPException
__vbaStrVarVal
ord534
__vbaVarCat
ord535
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord648
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarMod
__vbaVarCopy
ord616
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Defender's Revenge v1/Defender's Revenge v1/Defender-Inc.skn
Defender's Revenge v1/Defender's Revenge v1/ReadMe.txt
Defender's Revenge v1/Defender's Revenge v1/YMSG12ENCRYPT.dll
.dll windows:4 windows x86 arch:x86

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4486
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord6375
ord3830
ord4274
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strchr
isalpha
isdigit
sprintf
realloc
strncmp
strcspn
strncpy
free

kernel32

LocalFree
LocalAlloc

Exports

Exports

YMSG12_ScriptedMind_Encrypt

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Defender's Revenge v1/Defender's Revenge v1/actskin4.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

43ee74685bc80bf1601e346af863a563

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

kernel32

GetVersion
QueryPerformanceCounter
WaitForSingleObject
Sleep
QueryPerformanceFrequency
GetWindowsDirectoryA
WriteFile
DebugBreak
HeapReAlloc
CreateFileA
GetTickCount
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
GetStringTypeW
CloseHandle
GetFileSize
ReadFile
GetCurrentProcess
DeleteFileA
GetCurrentThreadId
InterlockedDecrement
FlushInstructionCache
InterlockedIncrement
lstrcatA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
lstrcpyA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetSystemInfo
HeapCreate
GetVersionExA
IsDBCSLeadByte
HeapAlloc
DisableThreadLibraryCalls
LoadLibraryExA
lstrcpynA
lstrcmpiA
HeapFree
GetLastError
CreateThread
SetFilePointer
TerminateProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
ExitProcess
HeapSize
GetStdHandle
RtlUnwind

user32

SystemParametersInfoA
GetDC
ReleaseDC
SetWindowTextA
GetSysColor
GetWindow
GetParent
CreateWindowExA
DestroyCaret
GetScrollInfo
ClientToScreen
GetUpdateRgn
GetClassNameA
SendMessageA
GetCursorPos
GetWindowRect
GetWindowRgn
SetCapture
SetScrollInfo
GetDesktopWindow
CallWindowProcA
SetFocus
BeginPaint
GetClientRect
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
IsRectEmpty
DrawTextA
IsWindow
DestroyWindow
TrackPopupMenu
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
IsChild
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
UnionRect
PtInRect
GetKeyState
DefWindowProcA
RedrawWindow
EnableMenuItem
CallNextHookEx
GetMenuItemCount
SetMenuItemInfoA
GetMenuStringA
GetMenuItemInfoA
GetWindowDC
SendMessageTimeoutA
PostMessageA
EnumThreadWindows
EnumChildWindows
PeekMessageA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadBitmapA
ShowWindow
SetMenu
GetMenuItemID
GetSubMenu
GetMenuState
GetActiveWindow
AdjustWindowRect
GetMenu
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DrawIconEx
UpdateWindow
SetWindowRgn
SetWindowPos
ReleaseCapture
GetWindowLongA
SetWindowLongA
LoadStringA
CharNextA
LoadImageA
WindowFromDC
GetSystemMenu

gdi32

DeleteObject
OffsetRgn
CombineRgn
CreateRectRgn
CreateSolidBrush
SetBkColor
RectInRegion
SetViewportOrgEx
GetStockObject
SetTextColor
RestoreDC
DeleteDC
GetDeviceCaps
SetMapMode
SaveDC
SetWindowOrgEx
CreateDCA
BitBlt
LPtoDP
CreateCompatibleDC
GetObjectA
SelectObject
GetCurrentObject
CreateFontIndirectA
SelectClipRgn
CreateDIBSection
ExtCreateRegion
GetClipBox
SetBkMode
GetRegionData
PtInRegion
CreateRectRgnIndirect

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

shell32

ShellExecuteExA

ole32

OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
OleRegGetMiscStatus
OleLoadFromStream
CreateStreamOnHGlobal
StringFromCLSID
OleRegGetUserType
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorage
StgCreateDocfile
OleRegEnumVerbs
ProgIDFromCLSID

oleaut32

OleCreatePropertyFrame
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysStringLen
SysAllocStringLen
VariantClear
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantChangeType

comctl32

ImageList_Draw

Exports

Exports

?GetRegistrationInformation@@YGXPAD@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90524ffebc0a6a1ab25f1a33e2617520

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 768KB - Virtual size: 766KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 8KB

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 822B

43ee74685bc80bf1601e346af863a563

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 88KB - Virtual size: 86KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 768KB - Virtual size: 766KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 822B

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 88KB - Virtual size: 86KB

.reloc
Size: 20KB - Virtual size: 16KB