bdca0e460f5a9d07dace19e6b7907be6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bdca0e460f5a9d07dace19e6b7907be6_JaffaCakes118
Size

1.4MB
MD5

bdca0e460f5a9d07dace19e6b7907be6
SHA1

644941996cc9e27f48166c732f0a0e4207b8e3cf
SHA256

27b70ff660c88c123b2f8cb1574972ce0b0e08bf18f64a93fdb69274753629da
SHA512

59b02dc9b2a9a8408589a18c40bc1a943cd5777ed7e1c0a75b854380110d4f2d261effe67f1611336fa9f909f9cbfe0f30032fa26bc8a892e1a6202d997fd5fa
SSDEEP

24576:JHtw4MhoM2jOiLO7566mX+mFPjLpiyjQLsMwoXTC2o289L5geyAf5eCqXw:JNKB2Y7566mOmFPpdQof2c9L51y+eCgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/start.exe
unpack001/startf.exe

Files

bdca0e460f5a9d07dace19e6b7907be6_JaffaCakes118
.zip
Doc/AHCI.txt
Doc/WhatsNew.txt
Doc/_    .txt
Doc/_ ᪠.txt
Doc/_ਯ.txt
Doc/_ ⪨⮢.txt
Doc/ ᪮ ਥ.txt
Doc/ ஢७ 䠩.txt
Doc/㠫.txt
Doc/楯 uvs.txt
Doc/騩 FAQ.txt
Doc/ ᮢ.txt
Doc/ ࠡ稩 ⮫.txt
Doc/࠭ 䠩.txt
SHA/url.txt
_autorun.zip
.zip
CD/!startF.cmd
CD/autorun.inf
CD/readme.txt
CD/start.cmd
CD/startd.cmd
_unlock.inf
bait
fat5
fat6
ipl5
ipl6
km50
km51
km52
km52.x64
km60
km60.x64
km61
km61.x64
links.htm
.html
mbrc
ntf5
ntf6
start.exe
.exe windows:5 windows x86 arch:x86

80758ef9099f83d728d1a6d4f86bf811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2W

kernel32

HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetErrorMode
FlushFileBuffers
SetFilePointer
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedIncrement
GlobalFlags
GetModuleHandleA
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
WideCharToMultiByte
SetLastError
GlobalAlloc
FormatMessageW
lstrlenW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
MultiByteToWideChar
GetCurrentDirectoryW
MoveFileW
GetLastError
LocalFree
OpenProcess
CreateProcessW
GetDriveTypeW
GetWindowsDirectoryW
GetVersionExW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileStringW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
LocalAlloc
GetCommandLineW
GetTickCount
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetPrivateProfileIntW
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCPInfo

user32

UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
EnableWindow
CheckMenuItem
OpenInputDesktop
CreateDesktopW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SendDlgItemMessageA
SetThreadDesktop
SwitchDesktop
CloseDesktop
SendMessageW
GetSystemMetrics
IsIconic
GetClientRect
GetFocus
PostMessageW
GetTopWindow
GetWindowLongW
GetClassNameW
GetWindow
SetWindowLongW
SetWindowPos
SetForegroundWindow
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
SetFocus
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem

gdi32

GetStockObject
DeleteDC
TextOutW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessWithLogonW
CreateProcessAsUserW
ImpersonateLoggedOnUser
SetSecurityInfo
GetSecurityInfo
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
QueryServiceLockStatusW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
startd.cmd
startf.exe
.exe windows:5 windows x86 arch:x86

cd2ca0b4572b55135f0abf5c544af64d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
OpenSCManagerW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceLockStatusW
LockServiceDatabase
UnlockServiceDatabase

kernel32

GetSystemDirectoryW
LoadLibraryW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
GetProcAddress
UnmapViewOfFile
CloseHandle
FreeLibrary
VirtualProtect
FindFirstFileW
FindClose
GetLogicalDriveStringsW
QueryDosDeviceW
GetModuleHandleW
ReadProcessMemory
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DuplicateHandle
ReadFile
WriteFile
GetVersionExW
GetCurrentProcess
CreateProcessW
WaitForSingleObject
GetLastError
GetLongPathNameW
CompareFileTime
Sleep
GetTempPathW
GetSystemWindowsDirectoryW
GetModuleFileNameW
SetFileAttributesW
DeleteFileW
MoveFileW
HeapFree
HeapAlloc
HeapReAlloc
InterlockedDecrement
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
ExitProcess
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
HeapSize
GetLocaleInfoW

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
strf
strt
usvc
uvsz

Sharing

General

Malware Config

Signatures

Files

80758ef9099f83d728d1a6d4f86bf811

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 68KB

.rsrc Size: 68KB - Virtual size: 67KB

cd2ca0b4572b55135f0abf5c544af64d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 19KB - Virtual size: 183KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 68KB

.rsrc
Size: 68KB - Virtual size: 67KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 19KB - Virtual size: 183KB

.rsrc
Size: 48KB - Virtual size: 47KB