f070bf1d01dc9eba1503e2c30dd2e898_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f070bf1d01dc9eba1503e2c30dd2e898_JaffaCakes118
Size

644KB
MD5

f070bf1d01dc9eba1503e2c30dd2e898
SHA1

7ac05f4ccb15786a8a4dbd184c7bce061a594025
SHA256

1bbbbf49d4cf8781f1b7df4aa93e9b258f08a128c126d9f3483af411de701377
SHA512

8b6b47b88c6e1200bcd328f4182844382715ecc3c33b2dd4a63db83050d46a403ded85882814454162186558f6340e702637d12e08b42af3c86d87ae26e505bc
SSDEEP

12288:/ky8P1aihM2cpNjpyA2Lype6qK8GegAXy3TKAkiCBIxY80ZnkPd+ehC:MpTKDpY+YpK8M3ZkRBf80ZqceA

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/benizara.exe

Files

f070bf1d01dc9eba1503e2c30dd2e898_JaffaCakes118
.zip
AddBenizaraTask.bat
DelBenizaraTask.bat
Dvorakz.bnz
NICOLAz.bnz
NICOLAz_ړ.bnz
README.pdf
.pdf
- https://www.linkedin.com/in/kenen-US-en-USichiroen-US-en-USayakien-US-en-US965b2a8a/en-US
README.txt
benizara.exe
.exe windows:5 windows x86 arch:x86

847c3746fe942bb10b09e9ad7a65deac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
LockResource
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
ExitProcess
HeapAlloc
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
IsValidCodePage
TlsAlloc
TlsGetValue
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
RaiseException
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
TlsSetValue
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcessHeap
GetFullPathNameW
VirtualQuery

user32

GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
SetWindowTextW
IsWindowVisible
CheckMenuItem
LoadImageW
ChangeClipboardChain
GetMenuItemCount
LoadAcceleratorsW
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
VkKeyScanExW
GetSysColorBrush
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
GetSystemMenu
GetLastInputInfo
GetCursor
ClientToScreen
MessageBeep
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
SetClipboardViewer
DrawIconEx
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetRect
MapVirtualKeyExW
GetIconInfo
EnableMenuItem

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
benizara.ini

Sharing

General

Malware Config

Signatures

Files

847c3746fe942bb10b09e9ad7a65deac

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 630KB - Virtual size: 629KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 13KB - Virtual size: 40KB

.rsrc Size: 417KB - Virtual size: 416KB

.text
Size: 630KB - Virtual size: 629KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 13KB - Virtual size: 40KB

.rsrc
Size: 417KB - Virtual size: 416KB