cbb83942a491fb2a99a1125b931a2eeb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cbb83942a491fb2a99a1125b931a2eeb_JaffaCakes118
Size

435KB
MD5

cbb83942a491fb2a99a1125b931a2eeb
SHA1

36c6089c3d8f98d250a726dbe866a562b869cc18
SHA256

9213c135dcaacb7d7a0890b436d11573eeeefde21791dcc1c75b642ab33d79e6
SHA512

3813821de3dd7d9cd491caf09c6a468449ab00001ae61fc6f481750c08b9bb61034e1af26898e7930fcefdd03393ec3122a8c18e958ca75a1127ddb984dbef86
SSDEEP

12288:M73WrBVlf5PVxxhBKjiG4dchcG1YHtRJjrck:MjY/D9x7BKj4dZuG3Jjrt

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VwMeter/DeLib.dll
unpack001/VwMeter/VwMeter.exe
unpack001/VwMeter/VwUpdate.exe

Files

cbb83942a491fb2a99a1125b931a2eeb_JaffaCakes118
.rar
VwMeter/DeLib.dll
.dll windows:4 windows x86 arch:x86

9182043e6ae86978cf9f94d994779c0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileSize
SetFileAttributesA
GetFileAttributesA
OpenFileMappingA
GetVersion
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileSectionA
MultiByteToWideChar
Sleep
CreateFileMappingA
MapViewOfFile
VirtualQuery
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetVersionExA
GetCurrentProcess
GetVolumeInformationA
GetSystemInfo
UnmapViewOfFile
GetModuleFileNameA

user32

ExitWindowsEx
SetForegroundWindow
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetParent

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
DeregisterEventSource
ReportEventA
RegisterEventSourceA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
ControlService
StartServiceA
OpenProcessToken

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

PathIsDirectoryA
StrTrimA
PathFileExistsA
SHGetValueA

msvcrt

??2@YAPAXI@Z
iscntrl
malloc
_initterm
_adjust_fdiv
isalnum
sprintf
memchr
isalpha
isdigit
_strnicmp
strchr
atoi
_mbsupr
_mbschr
_memicmp
_mbsstr
strpbrk
??3@YAXPAX@Z
_snprintf
_splitpath
_mbslwr
_except_handler3
fclose
fopen
_makepath
_mbspbrk
_mbsicmp
_snwprintf
__CxxFrameHandler
free
sscanf

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

Netbios

ws2_32

inet_ntoa
WSAStartup
gethostname
inet_addr
WSACleanup
gethostbyname

Exports

Exports

delib_alloc_share_memory
delib_change_fileext
delib_copy_text_to_clipboard
delib_create_process
delib_extract_file_from_resource
delib_extract_fileext
delib_extract_filename
delib_extract_filepath
delib_file_exists
delib_get_all_locipaddr
delib_get_casecookie_value
delib_get_chr_count
delib_get_cookie_value
delib_get_cpuid
delib_get_crc32
delib_get_file_mapbuffer
delib_get_file_md5
delib_get_file_size
delib_get_file_versionA
delib_get_file_versionW
delib_get_fileinfo_from_url
delib_get_hdisk_serialnumber
delib_get_ipaddr_value_from_string
delib_get_local_ipaddr
delib_get_mac_address
delib_get_modulefile_path
delib_get_os_type_string
delib_get_processor_number
delib_get_resource_buffer
delib_get_shellsystype
delib_get_string_md5
delib_get_string_systemtime
delib_get_systemtime_from_string
delib_get_top_window
delib_get_url_decode
delib_get_url_encode
delib_get_window_tempdir
delib_ini_parse_section_lineex
delib_is_debug
delib_is_match_with_pattern
delib_is_valid_ipaddr
delib_is_valid_systemtime
delib_is_window_nt4
delib_isexist_w3svc
delib_lauch_iebrowser
delib_open_share_memory
delib_parse_url
delib_report_systemevent
delib_run_block_process
delib_set_file_writable
delib_shutdown_system
delib_split_string
delib_start_w3svc
delib_stop_w3svc

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VwMeter/DeLibSys32test.dll
VwMeter/Lang/Chinese-Simplified.ini
VwMeter/Lang/Chinese-Traditional.ini
VwMeter/Lang/English-US.ini
VwMeter/Lang/French.ini
VwMeter/Lang/Korean.ini
VwMeter/VwMeter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VwMeter/VwUpdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 22KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VwMeter/VwUpdate.ini
VwMeter/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9182043e6ae86978cf9f94d994779c0b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcrt

version

netapi32

ws2_32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1020B

Headers

File Characteristics

Sections

Size: 35KB - Virtual size: 80KB

Size: 10KB - Virtual size: 20KB

Size: 2KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 32KB

Size: 512B - Virtual size: 4KB

.data Size: 240KB - Virtual size: 240KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 22KB - Virtual size: 44KB

Size: 8KB - Virtual size: 16KB

Size: 2KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 220KB

Size: 512B - Virtual size: 4KB

.data Size: 224KB - Virtual size: 228KB

.adata Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1020B

.rsrc
Size: 2KB - Virtual size: 32KB

.data
Size: 240KB - Virtual size: 240KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 220KB

.data
Size: 224KB - Virtual size: 228KB

.adata
Size: - Virtual size: 4KB