da84addb78bc02df98b1bd5e136af2f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da84addb78bc02df98b1bd5e136af2f7_JaffaCakes118
Size

60KB
MD5

da84addb78bc02df98b1bd5e136af2f7
SHA1

f3d11858b049ec4121506518bbc346ca66cf5e2c
SHA256

baf44f4a3bbc614f4383df3821a58144de78dc1bd54f0949ab08ad385f2ddbf4
SHA512

ecc138086917e2a17b8f658df3942e9d5ee4b6062a30c4fc0bf1c5aac8e0c2d7325a0435c35377d986c4e542a481f503ec99e3d10d94ccde3462c79cd50e1576
SSDEEP

1536:jIKzWIh56W5JguWFL44IRqUlJxS8LY5ANN62BS:fzW/W574INJk8LtNN6QS

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DetectElockVersion.exe
unpack002/Ni2Untelock61.exe
unpack003/TestMutexOrig.exe
unpack003/TestMutexPacked.exe
unpack004/Ni2Untelock70.exe
unpack005/TestMutexOrig.exe
unpack005/TestMutexPacked.exe
unpack006/Ni2Untelock71.exe
unpack007/Ni2Untelock71b.exe

Files

da84addb78bc02df98b1bd5e136af2f7_JaffaCakes118
.zip
DetectElockVersion.asm
DetectElockVersion.exe
.exe windows:4 windows x86 arch:x86

e82a806d848c20fa2ad09353436f1258

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateFileA
CreateFileMappingA
ExitProcess
GetModuleHandleA
MapViewOfFile
CloseHandle

user32

MessageBoxA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 891B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ni2Untelock61.zip
.zip
Ni2Untelock61.asm
Ni2Untelock61.exe
.exe windows:4 windows x86 arch:x86

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CopyFileA
CreateFileA
CreateFileMappingA
ExitProcess
GetFileSize
GetModuleHandleA
GetProcAddress
LoadLibraryA
CloseHandle
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcpyA

user32

MessageBoxA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestMutex.zip
.zip
Readme2.txt
TestMutexOrig.asm
TestMutexOrig.exe
.exe windows:4 windows x86 arch:x86

2ab4da4c8bfb30e30cf645a304f89c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetLastError
CreateMutexA

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 355B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestMutexPacked.exe
.exe windows:4 windows x86 arch:x86

500ff1538958cc73738bf0c262a1773f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA

user32

MessageBoxA

Sections

6070702
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8950643
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6246550
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0112637
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
Ni2Untelock70.zip
.zip
Ni2Untelock70.asm
Ni2Untelock70.exe
.exe windows:4 windows x86 arch:x86

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CopyFileA
CreateFileA
CreateFileMappingA
ExitProcess
GetFileSize
GetModuleHandleA
GetProcAddress
LoadLibraryA
CloseHandle
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcpyA

user32

MessageBoxA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestMutex.zip
.zip
Readme2.txt
TestMutexOrig.asm
TestMutexOrig.exe
.exe windows:4 windows x86 arch:x86

2ab4da4c8bfb30e30cf645a304f89c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetLastError
CreateMutexA

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 355B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestMutexPacked.exe
.exe windows:4 windows x86 arch:x86

500ff1538958cc73738bf0c262a1773f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA

user32

MessageBoxA

Sections

2913393
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6736396
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1350510
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5714102
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
Ni2Untelock71.zip
.zip
Ni2Untelock71.exe
.exe windows:4 windows x86 arch:x86

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CopyFileA
CreateFileA
CreateFileMappingA
ExitProcess
GetFileSize
GetModuleHandleA
GetProcAddress
LoadLibraryA
CloseHandle
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcpyA

user32

MessageBoxA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
Ni2Untelock71b.zip
.zip
Ni2Untelock71b.exe
.exe windows:4 windows x86 arch:x86

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CopyFileA
CreateFileA
CreateFileMappingA
ExitProcess
GetFileSize
GetModuleHandleA
GetProcAddress
LoadLibraryA
CloseHandle
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcpyA

user32

MessageBoxA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme.txt
protools.com
readme.txt

Sharing

General

Malware Config

Signatures

Files

e82a806d848c20fa2ad09353436f1258

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 371B

.data Size: 1KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 891B

.reloc Size: 512B - Virtual size: 258B

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 371B

.data Size: 2KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 619B

2ab4da4c8bfb30e30cf645a304f89c80

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 371B

.data Size: 512B - Virtual size: 355B

.idata Size: 1024B - Virtual size: 618B

.reloc Size: 512B - Virtual size: 174B

500ff1538958cc73738bf0c262a1773f

Headers

File Characteristics

Imports

kernel32

user32

Sections

6070702 Size: 512B - Virtual size: 8KB

8950643 Size: 512B - Virtual size: 4KB

6246550 Size: 512B - Virtual size: 4KB

0112637 Size: 512B - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

8badfb897f9c63e01307975490066aa8

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 371B

.data Size: 3KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 654B

2ab4da4c8bfb30e30cf645a304f89c80

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 371B

.data Size: 512B - Virtual size: 355B

.idata Size: 1024B - Virtual size: 618B

.reloc Size: 512B - Virtual size: 174B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 371B

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 891B

.reloc
Size: 512B - Virtual size: 258B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 371B

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 619B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 371B

.data
Size: 512B - Virtual size: 355B

.idata
Size: 1024B - Virtual size: 618B

.reloc
Size: 512B - Virtual size: 174B

6070702
Size: 512B - Virtual size: 8KB

8950643
Size: 512B - Virtual size: 4KB

6246550
Size: 512B - Virtual size: 4KB

0112637
Size: 512B - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 371B

.data
Size: 3KB - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 654B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 371B

.data
Size: 512B - Virtual size: 355B

.idata
Size: 1024B - Virtual size: 618B

.reloc
Size: 512B - Virtual size: 174B

2913393
Size: 512B - Virtual size: 8KB

6736396
Size: 512B - Virtual size: 4KB

1350510
Size: 512B - Virtual size: 4KB

5714102
Size: 512B - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 8KB

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 526B

.reloc
Size: 512B - Virtual size: 448B

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 526B

.reloc
Size: 512B - Virtual size: 448B