eb045f70fe77e497c48d9f46ee2c55d2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb045f70fe77e497c48d9f46ee2c55d2_JaffaCakes118
Size

5.9MB
MD5

eb045f70fe77e497c48d9f46ee2c55d2
SHA1

809a1887ede0890b6591cb5e9b9a3347b762ce84
SHA256

f521bed7644775f719997e0fd1d087faeb41bdb9db9bd69237aaa5528bee760b
SHA512

50fe6a481132f591b9376ca3867122481a2cd4c855c72049cb49dc2a877cb93d05beceba5e18e4327df5d5fff9355ad0f2d25e24ac772e76ed088930ba6d3ee9
SSDEEP

98304:q+/nXcIJ5iktO3CugdQTctsxqDOoNHUxO1wdexasQ2PyIs4ERazIMgeNJcIFxJ4+:z/LJ5it3u8cixqLUxOmIxbQayIs4caUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/аврора/aurora.dll
unpack001/аврора/injector.exe

Files

eb045f70fe77e497c48d9f46ee2c55d2_JaffaCakes118
.rar
аврора/ARage.ini
аврора/AuroraLegit.ini
аврора/aurora.dll
.dll windows:6 windows x86 arch:x86

7f76b6e5993c2373c1b12db893fdf5d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
K32EnumProcessModules
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
VirtualProtect
CloseHandle
WriteConsoleA
ReadConsoleA
SetConsoleMode
AttachConsole
FreeConsole
AllocConsole
MultiByteToWideChar
GetCurrentProcessId
SetStdHandle
GetStdHandle
ReadConsoleW
GetConsoleMode
GetEnvironmentVariableW
GlobalMemoryStatus
ConvertThreadToFiber
ConvertFiberToThread
TerminateProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
GlobalLock
GlobalUnlock
GlobalAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount64
GetFullPathNameA
MulDiv
FindNextFileA
GetCurrentProcess
FindNextFileW
FindFirstFileW
CreateFiber
DeleteFiber
SwitchToFiber
WriteFile
SystemTimeToFileTime
GetSystemTime
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
WaitForSingleObjectEx
FormatMessageA
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
SetLastError
GetLastError
FreeLibrary
GetCommandLineA
FindFirstFileA
K32GetModuleInformation
GetModuleHandleW
FindClose
Sleep
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
VirtualQuery
GetModuleHandleA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateDirectoryA
K32GetModuleBaseNameA

user32

CallWindowProcW
FillRect
SetRect
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetProcessWindowStation
FlashWindowEx
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
SetCursor
ClientToScreen
LoadCursorW
MessageBoxW
GetUserObjectInformationW
GetKeyState
MessageBoxA
SetWindowLongW

gdi32

ExtTextOutW
CreateDIBSection
GetTextMetricsW
SetTextColor
SetMapMode
SetBkColor
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontA
CreateCompatibleDC
CreateBrushIndirect

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptSignHashW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptDecrypt
RegQueryValueExA
RegOpenKeyExA
CryptExportKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptEnumProvidersW

msvcp140

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?bad@ios_base@std@@QBE_NXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bios_base@std@@QBE_NXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Query_perf_counter
_Query_perf_frequency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Xtime_get_ticks
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??0_Lockit@std@@QAE@H@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ

ws2_32

WSAGetLastError
socket
setsockopt
send
WSAStartup
ntohl
select
htonl
recv
freeaddrinfo
WSACleanup
sendto
gethostname
__WSAFDIsSet
WSASetLastError
bind
getpeername
getsockname
connect
closesocket
recvfrom
ioctlsocket
getsockopt
htons
ntohs
WSAIoctl
getaddrinfo
accept
listen

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext

wldap32

ord35
ord79
ord30
ord143
ord46
ord211
ord200
ord60
ord50
ord41
ord22
ord33
ord26
ord27
ord32
ord301

normaliz

IdnToAscii

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

winmm

PlaySoundA

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

memcmp
strrchr
__std_type_info_destroy_list
_except_handler4_common
memchr
__CxxFrameHandler3
_CxxThrowException
__std_type_info_name
__RTDynamicCast
__std_exception_destroy
__std_exception_copy
strstr
memset
memmove
memcpy
_purecall
wcsstr
__std_type_info_compare
strchr
__std_terminate

api-ms-win-crt-runtime-l1-1-0

terminate
signal
raise
_exit
strerror_s
abort
strerror
_initterm_e
_cexit
__sys_nerr
_beginthreadex
_getpid
_initterm
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_errno
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

realloc
_aligned_malloc
malloc
free
calloc
_callnewh
_aligned_free

api-ms-win-crt-string-l1-1-0

isdigit
strcspn
strspn
isalpha
isalnum
_strnicmp
_strdup
tolower
isspace
_stricmp
strncpy_s
strcat
isupper
strcpy
toupper
isprint
islower
isgraph
strncpy
strncmp
wcscmp
strcat_s
strcmp
strlen
towlower
strcpy_s
strpbrk
isxdigit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
fputs
__acrt_iob_func
__stdio_common_vsprintf
fopen
fseek
ftell
_get_stream_buffer_pointers
fclose
fflush
_wfopen
ungetc
fopen_s
fgetc
fgetpos
fputc
ferror
feof
_lseeki64
fread
_read
fsetpos
_setmode
_fseeki64
__stdio_common_vsprintf_s
_fileno
fwrite
fgets
_write
_close
setvbuf
_open
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

_strtoi64
strtol
strtod
strtoll
atof
atoi
_strtoui64
strtoul
strtoull

api-ms-win-crt-utility-l1-1-0

labs
rand
qsort
ldiv

api-ms-win-crt-math-l1-1-0

atan2
atan
_fdtest
fmod
acos
asin
ceil
fmaxf
_dtest
_dsign
sqrt
pow
sin
fabs
cos
floor
_except1
fminf

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file
_fstat64
_stat64i32
_stat64

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.9MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
аврора/injector.exe
.exe windows:6 windows x86 arch:x86

246ab0ca8645a7641a1d6e2072a5fac7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\2015-load-library-injector\Release\injector.pdb

Imports

kernel32

GetFullPathNameA
CloseHandle
GetLastError
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
Process32Next
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140

memset
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfscanf
__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_narrow_environment
__p___argc
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_exit
exit
_initterm_e
_initterm
_configure_narrow_argv
_set_app_type
_seh_filter_exe
system
_get_initial_narrow_environment
__p___argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f76b6e5993c2373c1b12db893fdf5d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

ws2_32

crypt32

wldap32

normaliz

d3dx9_43

wininet

winmm

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 4.9MB - Virtual size: 12.4MB

.rsrc Size: 229KB - Virtual size: 229KB

.reloc Size: 209KB - Virtual size: 209KB

246ab0ca8645a7641a1d6e2072a5fac7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 396B

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 4.9MB - Virtual size: 12.4MB

.rsrc
Size: 229KB - Virtual size: 229KB

.reloc
Size: 209KB - Virtual size: 209KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 396B