d5bf88774e2b1679834dba31c92a9490_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5bf88774e2b1679834dba31c92a9490_JaffaCakes118
Size

1.0MB
MD5

d5bf88774e2b1679834dba31c92a9490
SHA1

de533551fd9b0dc159b277fd15d602bff7bbc0bc
SHA256

09c384fe5c91a972122b9496094dbe7b5d4787ee231fc299a6254bf68c985125
SHA512

c73c1ffa2c7bcc2922f0328ab2fe3c22566cb2462abe6d07a525c47debfbd50315e722ba669c964a33e2b7ef622e426f9431c980b6cbd51976db9eeec6f5612c
SSDEEP

12288:VCesUwM+/kImZslOOhQL8yDzrUMEA1MYLN0CCR1MK380vFQj4D1xB7kdkUkJ5e/W:VCM+jLrQHrUy7NXyZs0vFQsZdMr5I7B

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Stress_Prime_2004/ORTHOS.exe
unpack001/Stress_Prime_2004/worker.dll

Files

d5bf88774e2b1679834dba31c92a9490_JaffaCakes118
.zip
Stress_Prime_2004/ORTHOS.exe
.exe windows:4 windows x86 arch:x86

ffc543ffbe2b21c748d024529179be15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

worker

?WorkerInitialize@@YAXKH@Z
?WorkerInitializeCallbacks@@YAXP6AHXZP6AXKPAD@ZP6AXXZ@Z
?selfTestWorker@@YAHKK@Z
?WorkerInitializeTestInfo@@YAXPAU_TESTINFO@@@Z
?WorkerInitializePriority@@YAXH@Z

msvcrt

__set_app_type
_adjust_fdiv
__p__fmode
__p__commode
__getmainargs
__setusermatherr
_initterm
_exit
_acmdln
_XcptFilter
exit
_controlfp
ceil
_CIpow
strstr
floor
_ftime
strcat
_except_handler3
atol
fopen
strcmp
_stat
fclose
strchr
fgets
time
_chdir
malloc
_open
sprintf
_read
_unlink
_write
_close
free
strlen
_stricmp
memset
realloc
_commit
iswdigit
strrchr
strcpy
_beginthreadex
??3@YAXPAX@Z
memcpy
memcmp
_ftol
??2@YAPAXI@Z
atoi
memmove

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

kernel32

InterlockedIncrement
QueryPerformanceFrequency
GetModuleHandleA
HeapDestroy
GetTimeFormatA
FlushInstructionCache
GetProcessAffinityMask
DeleteCriticalSection
GetCurrentThreadId
SetPriorityClass
SetThreadPriority
Beep
MulDiv
GetSystemInfo
WaitForMultipleObjects
GetTempPathA
SetCurrentDirectoryA
GetFileAttributesA
GetTickCount
GetCommandLineW
GetModuleFileNameA
GlobalFree
InitializeCriticalSection
SetCurrentDirectoryW
HeapFree
lstrlenA
lstrcpynA
MapViewOfFile
GetProcessHeap
OpenFileMappingA
UnmapViewOfFile
GetCurrentProcess
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
EnterCriticalSection
SystemTimeToFileTime
InterlockedExchange
FlushFileBuffers
LeaveCriticalSection
CreateFileA
SetFilePointer
CloseHandle
lstrcpyA
lstrcatA
GetStartupInfoA
QueryPerformanceCounter
GetVersionExA
GetCurrentProcessId
WriteFile
GetCurrentThread
SetThreadAffinityMask
InterlockedDecrement
GetDateFormatA
GlobalMemoryStatus

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

user32

ScreenToClient
GetDlgCtrlID
SetWindowLongA
GetWindowRect
DefWindowProcA
SendMessageA
PostMessageA
RegisterWindowMessageA
IsIconic
MonitorFromRect
GetWindowPlacement
ReleaseDC
GetDC
PeekMessageA
DispatchMessageA
TranslateMessage
EndDialog
SetWindowPlacement
SetCursor
UpdateWindow
RedrawWindow
EnableWindow
IsWindowVisible
GetSysColor
FlashWindowEx
keybd_event
SetWindowTextA
DestroyMenu
TrackPopupMenu
wsprintfA
SetParent
GetSubMenu
LoadMenuA
GetCursorPos
SetForegroundWindow
GetLastActivePopup
MessageBeep
LoadCursorA
ShowWindow
SetTimer
KillTimer
LoadImageA
GetSystemMetrics
LoadIconA
SendDlgItemMessageA
GetParent
CheckDlgButton
SetDlgItemInt
MessageBoxA
IsDlgButtonChecked
GetDlgItemInt
SetFocus
GetClientRect
MoveWindow
MapWindowPoints
GetWindowLongA
GetFocus
SetRectEmpty
CreateWindowExA
DestroyWindow
IsWindow
SetWindowPos
SystemParametersInfoA
GetWindow
ReleaseCapture
RegisterClassExA
GetClassInfoExA
BeginPaint
EndPaint
GetMessagePos
GetCapture
SetCapture
PtInRect
CallWindowProcA
GetWindowDC
DrawEdge
FillRect
GetActiveWindow
DialogBoxParamA
InvalidateRect
SetMenuItemInfoA
SetMenuDefaultItem
GetDlgItem

gdi32

SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
SetBkColor
SetTextColor
GetDeviceCaps
CreateFontIndirectA
CreateBitmap
PatBlt
CreateSolidBrush

shell32

Shell_NotifyIconA
CommandLineToArgvW

comctl32

InitCommonControlsEx

winmm

PlaySoundA

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_GWDATA
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Stress_Prime_2004/worker.dll
.dll windows:4 windows x86 arch:x86

62646fc8e3e28ddb5dd2cdd49cbae8c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_ftol
_chdir
fclose
fgets
strchr
fopen
malloc
_stat
strcmp
strcat
atol
strlen
time
floor
_CIpow
_except_handler3
strstr
_ftime
exit
_controlfp
_initterm
_adjust_fdiv
strcpy
_read
sprintf
free
memcpy
_open
_write
_commit
_close
_unlink
memmove
realloc
ceil
_stricmp

kernel32

QueryPerformanceCounter
GlobalMemoryStatus
QueryPerformanceFrequency
SetPriorityClass
GetCurrentThread
GetCurrentProcess
SetThreadAffinityMask
GetVersionExA
SetThreadPriority
GetCurrentThreadId
DisableThreadLibraryCalls
GetCurrentProcessId

Exports

Exports

?WorkerInitialize@@YAXKH@Z
?WorkerInitializeCallbacks@@YAXP6AHXZP6AXKPAD@ZP6AXXZ@Z
?WorkerInitializePriority@@YAXH@Z
?WorkerInitializeTestInfo@@YAXPAU_TESTINFO@@@Z
?selfTestWorker@@YAHKK@Z

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_GWDATA
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffc543ffbe2b21c748d024529179be15

Headers

DLL Characteristics

File Characteristics

Imports

worker

msvcrt

ole32

oleaut32

kernel32

advapi32

user32

gdi32

shell32

comctl32

winmm

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 10KB - Virtual size: 12KB

_GWDATA Size: 58KB - Virtual size: 57KB

.rsrc Size: 9KB - Virtual size: 9KB

62646fc8e3e28ddb5dd2cdd49cbae8c2

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 11KB

_GWDATA Size: 46KB - Virtual size: 45KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 10KB - Virtual size: 12KB

_GWDATA
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 11KB

_GWDATA
Size: 46KB - Virtual size: 45KB