eaa118ae68eb6aa0faf18e0fce2e0b68_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eaa118ae68eb6aa0faf18e0fce2e0b68_JaffaCakes118
Size

2.9MB
MD5

eaa118ae68eb6aa0faf18e0fce2e0b68
SHA1

63c0065c84bf6a904ea4a85948be06a8d59c4795
SHA256

2a9c16ed751ec14359f49d25b2f529185f692355ce608c1946eed89261ae1c20
SHA512

2b874d6fc48c1d66fd6150a65a7556b91b6464fa834c1b6dd5a54be4cccdea1a896fbc78cbff923d1ce2dd64a62f77225e43ab52147785128cd8aae9570b0e90
SSDEEP

24576:S5IAOcsOD9gg87AaMJOv+M0K8v++tmtakAESMOwdLy0yMAi6kD9UjFNrTmant4t1:sI/kM9MInR+pUypi6rhxmR6ptkZoRLDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/pIRC/Uninstall.exe
unpack002/pIRC/mirc.exe
unpack002/pIRC/sys/display.dll

Files

eaa118ae68eb6aa0faf18e0fce2e0b68_JaffaCakes118
.eml
IRC for o541 by PARTIZANcheg.rar
.rar
pIRC/ALANTA-Ltd.-IRC/#541.20071220.log
pIRC/ALANTA-Ltd.-IRC/#LiveForSpeed.20071220.log
pIRC/ALANTA-Ltd.-IRC/#games.20071220.log
pIRC/IRC Intro.hlp
pIRC/Mirc.hlp
pIRC/Readme.txt
pIRC/Uninstall.exe
.exe windows:4 windows x86 arch:x86

74c8bf4a938fcfd1da0d91e7d39ead48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegSetValueExA

gdi32

StretchDIBits

user32

WaitMessage

shell32

ShellExecuteExA

ole32

OleInitialize

winmm

timeKillEvent

comctl32

ImageList_Draw

cabinet

FDIDestroy

Sections

CODE
Size: 41KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pIRC/Uninstall.ini
pIRC/about.txt
pIRC/addrbk.ini
pIRC/control.ini
pIRC/ircintro.hlp
pIRC/logs/ALANTA-Ltd.-IRC/#541.20071220.log
pIRC/mirc.exe
.exe windows:4 windows x86 arch:x86

bcad26832962a299c99085dbf5617031

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeSetEvent
timeKillEvent
mciGetErrorStringA
timeGetDevCaps
mixerClose
mixerSetControlDetails
mciGetDeviceIDA
mciSendStringA
timeBeginPeriod
sndPlaySoundA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerGetControlDetailsA

wsock32

recvfrom
sendto
getsockname
bind
WSACleanup
socket
listen
inet_addr
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
ntohl
gethostname
recv
send
htons
connect
WSAGetLastError
accept
WSAAsyncSelect
shutdown
closesocket
ioctlsocket
htonl
setsockopt
WSASetLastError
WSAStartup
ntohs

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

comctl32

ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

kernel32

CreateEventA
GetSystemDefaultLangID
GetLocaleInfoA
GetSystemDefaultLCID
GetWindowsDirectoryA
GlobalFree
GlobalAlloc
GlobalUnlock
lstrcatA
lstrcpyA
lstrlenA
lstrcatW
lstrlenW
GlobalLock
lstrcpyW
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
QueryDosDeviceA
GetFileType
CreateFileA
GetFileAttributesA
WinExec
WriteFile
MulDiv
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
_lwrite
_lclose
_hwrite
GlobalSize
OpenFile
_hread
_llseek
_lopen
SetThreadPriority
GetCurrentProcess
GetCurrentThreadId
SetFilePointer
GetLastError
ReadFile
SetEndOfFile
FlushFileBuffers
WaitForSingleObject
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
lstrcmpA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetErrorMode
FindCloseChangeNotification
Sleep
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetShortPathNameA
CompareFileTime
GetFileTime
ReleaseMutex
CreateMutexA
GetTimeZoneInformation
LocalAlloc
LocalReAlloc
LocalFree
lstrcpynA
GetTempPathA
SizeofResource
GetSystemTimeAsFileTime
CreateThread
TlsGetValue
TlsSetValue
ExitThread
HeapFree
HeapAlloc
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleA
TerminateProcess
RtlUnwind
LoadLibraryA
GetProcAddress
FreeLibrary
SetEvent
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
FindResourceA
LoadResource
LockResource
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
EnterCriticalSection
SetConsoleCtrlHandler
DeleteFileA
MoveFileA
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsFree
SetLastError
TlsAlloc
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
InitializeCriticalSection
SetStdHandle
GetCurrentProcessId
HeapSize
CompareStringA
CompareStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
GetACP
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDiskFreeSpaceA
CreateDirectoryA

user32

DdeAccessData
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
CallWindowProcA
SetKeyboardState
GetKeyboardState
ToAscii
ScrollDC
DrawIconEx
GetMessageA
GetWindowThreadProcessId
ClipCursor
FlashWindow
ShowScrollBar
CharLowerBuffA
CharLowerA
GetWindowDC
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
VkKeyScanA
GetKeyboardLayout
CopyAcceleratorTableA
MapVirtualKeyA
CallNextHookEx
GetCapture
GetSystemMetrics
SystemParametersInfoA
RedrawWindow
PeekMessageA
DefMDIChildProcA
GetMenuState
IsMenu
RemoveMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
TrackPopupMenu
GetMenuCheckMarkDimensions
RegisterWindowMessageA
SetWindowsHookExA
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
IsDialogMessageA
GetForegroundWindow
LoadMenuA
PostQuitMessage
DefFrameProcA
RegisterClassExA
UnhookWindowsHookEx
ChildWindowFromPoint
ValidateRect
InvertRect
DefWindowProcA
DrawFrameControl
RegisterClassA
CreateIconIndirect
FindWindowExA
FindWindowA
SetScrollInfo
EqualRect
DdeUnaccessData
WindowFromPoint
ScreenToClient
CreateMenu
SetActiveWindow
GetWindow
GetMenuStringA
GetCursorPos
GetFocus
GetAsyncKeyState
GetWindowLongA
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindowTextLengthA
GetWindowTextA
WinHelpA
LoadStringA
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
IsCharAlphaNumericA
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
GetSystemMenu
CheckMenuItem
LoadCursorA
SetCursor
CreatePopupMenu
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
AppendMenuA
DrawMenuBar
FrameRect
FillRect
DestroyIcon
LoadImageA
SetWindowTextA
GetClientRect
GetParent
DrawFocusRect
GetSysColor
CheckDlgButton
IsWindowEnabled
GetKeyState
IsDlgButtonChecked
BeginPaint
EndPaint
SendMessageA
LoadBitmapA
InvalidateRect
UpdateWindow
KillTimer
EndDialog
SetRect
SetFocus
PostMessageA
PtInRect
LoadIconA
DdeFreeDataHandle
DdeNameService
DdeUninitialize
DdeDisconnect
DdeFreeStringHandle
DialogBoxParamA
IsChild
InsertMenuA
ModifyMenuA
GetNextDlgTabItem
EnableMenuItem
ChildWindowFromPointEx
GetScrollPos
GetScrollRange
ClientToScreen
SetScrollPos
EnableWindow
ShowWindow
MoveWindow
SetWindowPos
SetTimer
wsprintfA
SetMenu
CreateWindowExA
SetScrollRange
GetIconInfo
DrawIcon
GetDlgCtrlID
DrawTextA
SetCapture
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
BringWindowToTop
SetForegroundWindow
SendDlgItemMessageA
GetDC
GetDlgItem
GetWindowRect
MapWindowPoints
ReleaseDC
IsWindowVisible
CreateDialogParamA
DestroyWindow
GetClassNameA
CopyRect
SetWindowLongA

gdi32

CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
SelectClipRgn
CombineRgn
CreateRectRgn
GetNearestColor
GetDeviceCaps
GetTextExtentPointA
CreateFontIndirectA
GetDIBits
CreateDIBitmap
ExtFloodFill
CreatePatternBrush
Rectangle
RoundRect
StretchBlt
GetStockObject
SetROP2
SetBkMode
EnumFontFamiliesExA
GetTextCharset
PtInRegion
CreatePolygonRgn
Polyline
SetPixel
ExcludeClipRect
CreateBitmap
PatBlt
StretchDIBits
SetWindowOrgEx
GetObjectType
TextOutA
DeleteDC
SetStretchBltMode
SetBrushOrgEx
CreateCompatibleDC
BitBlt
GetObjectA
CreateFontA
CreateSolidBrush
CreateHatchBrush
GetTextMetricsA
SetTextColor
SetBkColor
ExtTextOutA
DeleteObject
SelectObject
Ellipse
GetPixel
SetPixelV

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
ChooseColorA

advapi32

RegEnumKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconA
SHBrowseForFolderA
SHFileOperationA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
DragQueryPoint
DragQueryFileA
DragFinish
ExtractIconExA
ExtractIconA
FindExecutableA
ShellExecuteA
DragAcceptFiles

ole32

ProgIDFromCLSID
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize

oleaut32

SetErrorInfo
LoadRegTypeLi
DispGetParam
VarR8FromCy
VarR8FromDate
VarCyFromR8
VarDateFromR8
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pIRC/mirc.ini
pIRC/pIRC.hlp
pIRC/perform.ini
pIRC/pirc.chm
.chm
pIRC/pirc.ini
pIRC/proxy4.txt
pIRC/proxy5.txt
pIRC/skins/Fox1.Irc/C.jpg
.jpg
pIRC/skins/Fox1.Irc/H1.jpg
.jpg
pIRC/skins/Fox1.Irc/H2.jpg
.jpg
pIRC/skins/Fox1.Irc/H3.jpg
.jpg
pIRC/skins/Fox1.Irc/L1.jpg
.jpg
pIRC/skins/Fox1.Irc/L2.jpg
.jpg
pIRC/skins/Fox1.Irc/L3.jpg
.jpg
pIRC/skins/Fox1.Irc/M.jpg
.jpg
pIRC/skins/Fox1.Irc/Thumbs.db
pIRC/skins/Fox1.Irc/info.pts
pIRC/skins/Fox1.Irc/u.bmp
pIRC/skins/Fox2.Irc/C.jpg
.jpg
pIRC/skins/Fox2.Irc/H1.jpg
.jpg
pIRC/skins/Fox2.Irc/H2.jpg
.jpg
pIRC/skins/Fox2.Irc/H3.jpg
.jpg
pIRC/skins/Fox2.Irc/L1.jpg
.jpg
pIRC/skins/Fox2.Irc/L2.jpg
.jpg
pIRC/skins/Fox2.Irc/L3.jpg
.jpg
pIRC/skins/Fox2.Irc/M.jpg
.jpg
pIRC/skins/Fox2.Irc/Thumbs.db
pIRC/skins/Fox2.Irc/info.pts
pIRC/skins/Fox2.Irc/u.bmp
pIRC/skins/Thumbs.db
pIRC/sounds/Привет.wav
pIRC/sys/aliases.pts
.vbs
pIRC/sys/aproxy.bmp
pIRC/sys/aproxy.pts
.vbs
pIRC/sys/aproxy2.bmp
pIRC/sys/bindilka.pts
pIRC/sys/censor.pts
pIRC/sys/display.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

pdisplay

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pIRC/sys/extended_modes.pts
pIRC/sys/floodprotect.pts
pIRC/sys/help.pts
pIRC/sys/ico/edit.ico
pIRC/sys/ico/err.ico
pIRC/sys/ico/give1.bmp
pIRC/sys/ico/give2.bmp
pIRC/sys/ico/icon.ico
pIRC/sys/ico/info.ico
pIRC/sys/ico/main.ico
pIRC/sys/ico/new1.bmp
pIRC/sys/ico/new2.bmp
pIRC/sys/ico/send1.bmp
pIRC/sys/ico/send2.bmp
pIRC/sys/ico/warn.ico
pIRC/sys/img/logo.jpg
.jpg
pIRC/sys/img/no flood.jpg
.jpg
pIRC/sys/ircopmodule.pts
.js
pIRC/sys/main.pts
pIRC/sys/main2.pts
.vbs
pIRC/sys/mat.txt
pIRC/sys/modes_restorator.pts
.js
pIRC/sys/not_mat.txt
pIRC/sys/options.pts
.js
pIRC/sys/perform.pts
.vbs
pIRC/sys/popup_chan.pts
.js
pIRC/sys/popup_chat.pts
pIRC/sys/popup_menubar.pts
pIRC/sys/popup_nicklist.pts
.js
pIRC/sys/popup_status.pts
pIRC/sys/psybnc.pts
pIRC/sys/scan.pts
.js
pIRC/sys/script1.pts
pIRC/sys/script2.pts
pIRC/sys/selfprotect.pts
pIRC/sys/servers.pts
pIRC/sys/serviceswenet.pts
pIRC/sys/slaps.pts
pIRC/sys/smiles.pts
pIRC/sys/sounds/Pager.wav
pIRC/sys/sounds/done.wav
pIRC/sys/sounds/drums.wav
pIRC/sys/sounds/mat.wav
pIRC/sys/sounds/op.wav
pIRC/sys/sounds/private_start.wav
pIRC/sys/start.logo.pts
pIRC/sys/start.pts
.vbs
pIRC/sys/statistic.pts
pIRC/sys/tablesimv.pts
pIRC/sys/topics.pts
pIRC/sys/urls.pts
pIRC/sys/variables.pts
pIRC/sys/virtkeyboard.pts
pIRC/Нажмите_чтобы_зарегистрировать_мирк.reg
email-plain-1.txt

Sharing

General

Malware Config

Signatures

Files

74c8bf4a938fcfd1da0d91e7d39ead48

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

gdi32

user32

shell32

ole32

winmm

comctl32

cabinet

Sections

CODE Size: 41KB - Virtual size: 116KB

.rsrc Size: 7KB - Virtual size: 8KB

bcad26832962a299c99085dbf5617031

Headers

File Characteristics

Imports

winmm

wsock32

version

mpr

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 16KB - Virtual size: 171KB

.rsrc Size: 252KB - Virtual size: 252KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 28KB - Virtual size: 27KB

DATA Size: 1024B - Virtual size: 1016B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 71B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

CODE
Size: 41KB - Virtual size: 116KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 16KB - Virtual size: 171KB

.rsrc
Size: 252KB - Virtual size: 252KB

CODE
Size: 28KB - Virtual size: 27KB

DATA
Size: 1024B - Virtual size: 1016B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 71B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB