fe50a6961d8b5029037161bfc3aad43a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe50a6961d8b5029037161bfc3aad43a_JaffaCakes118
Size

305KB
MD5

fe50a6961d8b5029037161bfc3aad43a
SHA1

2290453747142eb029efd97d527fb3b957ae76fe
SHA256

5b53b45109e8a8d694e1372ce22cdbc06be66c5ec604cc688162ed5765fd913a
SHA512

400bc6b1cc474fefb5ccdab74ac964680efada385ec813459c50525373eb45f6a11f0dc7a9d944726de9345af28db389dd8631307290eb31ad0a99ed7dc87d53
SSDEEP

6144:16nYthpvsYfLDPEpeQin9lYytRauPGf1bY3+aEminRDOyGBIpH3:cnohpv3DPEEQ23euPSYuh9R6yGeR

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Y!7-Booter/ACTSKIN4.OCX
unpack001/Y!7-Booter/AniGIF.ocx
unpack001/Y!7-Booter/Y!7-Booter.exe
unpack001/Y!7-Booter/YMSG12ENCRYPT.dll

Files

fe50a6961d8b5029037161bfc3aad43a_JaffaCakes118
.zip
Y!7-Booter/ACTSKIN4.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

43ee74685bc80bf1601e346af863a563

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

kernel32

GetVersion
QueryPerformanceCounter
WaitForSingleObject
Sleep
QueryPerformanceFrequency
GetWindowsDirectoryA
WriteFile
DebugBreak
HeapReAlloc
CreateFileA
GetTickCount
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
GetStringTypeW
CloseHandle
GetFileSize
ReadFile
GetCurrentProcess
DeleteFileA
GetCurrentThreadId
InterlockedDecrement
FlushInstructionCache
InterlockedIncrement
lstrcatA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
lstrcpyA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetSystemInfo
HeapCreate
GetVersionExA
IsDBCSLeadByte
HeapAlloc
DisableThreadLibraryCalls
LoadLibraryExA
lstrcpynA
lstrcmpiA
HeapFree
GetLastError
CreateThread
SetFilePointer
TerminateProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
ExitProcess
HeapSize
GetStdHandle
RtlUnwind

user32

SystemParametersInfoA
GetDC
ReleaseDC
SetWindowTextA
GetSysColor
GetWindow
GetParent
CreateWindowExA
DestroyCaret
GetScrollInfo
ClientToScreen
GetUpdateRgn
GetClassNameA
SendMessageA
GetCursorPos
GetWindowRect
GetWindowRgn
SetCapture
SetScrollInfo
GetDesktopWindow
CallWindowProcA
SetFocus
BeginPaint
GetClientRect
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
IsRectEmpty
DrawTextA
IsWindow
DestroyWindow
TrackPopupMenu
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
IsChild
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
UnionRect
PtInRect
GetKeyState
DefWindowProcA
RedrawWindow
EnableMenuItem
CallNextHookEx
GetMenuItemCount
SetMenuItemInfoA
GetMenuStringA
GetMenuItemInfoA
GetWindowDC
SendMessageTimeoutA
PostMessageA
EnumThreadWindows
EnumChildWindows
PeekMessageA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadBitmapA
ShowWindow
SetMenu
GetMenuItemID
GetSubMenu
GetMenuState
GetActiveWindow
AdjustWindowRect
GetMenu
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DrawIconEx
UpdateWindow
SetWindowRgn
SetWindowPos
ReleaseCapture
GetWindowLongA
SetWindowLongA
LoadStringA
CharNextA
LoadImageA
WindowFromDC
GetSystemMenu

gdi32

DeleteObject
OffsetRgn
CombineRgn
CreateRectRgn
CreateSolidBrush
SetBkColor
RectInRegion
SetViewportOrgEx
GetStockObject
SetTextColor
RestoreDC
DeleteDC
GetDeviceCaps
SetMapMode
SaveDC
SetWindowOrgEx
CreateDCA
BitBlt
LPtoDP
CreateCompatibleDC
GetObjectA
SelectObject
GetCurrentObject
CreateFontIndirectA
SelectClipRgn
CreateDIBSection
ExtCreateRegion
GetClipBox
SetBkMode
GetRegionData
PtInRegion
CreateRectRgnIndirect

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

shell32

ShellExecuteExA

ole32

OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
OleRegGetMiscStatus
OleLoadFromStream
CreateStreamOnHGlobal
StringFromCLSID
OleRegGetUserType
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorage
StgCreateDocfile
OleRegEnumVerbs
ProgIDFromCLSID

oleaut32

OleCreatePropertyFrame
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysStringLen
SysAllocStringLen
VariantClear
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantChangeType

comctl32

ImageList_Draw

Exports

Exports

?GetRegistrationInformation@@YGXPAD@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Y!7-Booter/AniGIF.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

ae70d01b0b0985ba365a633f49a647e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
lstrcmpA
GetLocalTime
lstrcatA
HeapDestroy
GetCurrentProcess
GetModuleFileNameA
GetCurrentThreadId
DebugBreak
LoadLibraryExA
CreateThread
lstrcpyA
LoadLibraryA
GetProcAddress
ExitProcess
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsSetValue
RtlUnwind
lstrlenA
GetStringTypeA
GetStringTypeW
TerminateProcess
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
TerminateThread
MultiByteToWideChar
lstrcpynA
DisableThreadLibraryCalls
MulDiv
lstrlenW
LockResource
LoadResource
FindResourceA
GlobalFree
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
CloseHandle
ReadFile
GetFileSize
CreateFileA
LocalFree
LocalAlloc
WideCharToMultiByte
lstrcmpiA
GetLastError
LCMapStringW
LCMapStringA
SizeofResource
FreeLibrary
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree

user32

MoveWindow
SetDlgItemInt
SetTimer
CreateDialogParamA
IsWindow
LoadStringA
MessageBoxA
SetWindowRgn
WinHelpA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItemInt
GetWindowRgn
SetClassLongA
GetDialogBaseUnits
SetFocus
LoadCursorA
GetCursorPos
DialogBoxParamA
SetWindowTextA
EndDialog
CreateWindowExA
CallWindowProcA
GetClassInfoExA
wsprintfA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
InvalidateRect
CharNextA
SetDlgItemTextA
GetDlgItem
GetWindowRect
UnionRect
PtInRect
ShowWindow
DestroyWindow
KillTimer
GetKeyState
ReleaseDC
FillRect
GetDC
SendMessageA
DefWindowProcA
SetCursor
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowPos
GetParent

gdi32

GetRgnBox
SetWindowExtEx
RestoreDC
DeleteObject
DeleteDC
BitBlt
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
ExtCreateRegion
GetTextExtentPointA
GetTextMetricsA
CreateFontIndirectA
GetDeviceCaps
LineTo
MoveToEx
CreateDCA
LPtoDP
SetMapMode
SetViewportOrgEx
CreateMetaFileA
SaveDC
SetWindowOrgEx
CreatePen
CreateDIBitmap
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateBitmap
SetStretchBltMode
StretchBlt
GetRegionData
CreateRectRgn

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegQueryInfoKeyA

ole32

CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
CoTaskMemRealloc
CreateStreamOnHGlobal
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarI4FromStr
OleLoadPicture
OleCreatePictureIndirect
VariantClear
SysStringLen
SysAllocStringLen
VariantInit
SysFreeString
OleTranslateColor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Y!7-Booter/AniGIF2.lic
Y!7-Booter/Read ME First.txt
Y!7-Booter/The pakfun Inc.url
.url
Y!7-Booter/Y!7-Booter.exe
.exe windows:4 windows x86 arch:x86

48091d2d27291aa99a7dc85b0a0c6b46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
ord593
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarTstLt
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
ord535
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
ord616
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Y!7-Booter/YMSG12ENCRYPT.dll
.dll windows:4 windows x86 arch:x86

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4486
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord6375
ord3830
ord4274
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strchr
isalpha
isdigit
sprintf
realloc
strncmp
strcspn
strncpy
free

kernel32

LocalFree
LocalAlloc

Exports

Exports

YMSG12_ScriptedMind_Encrypt

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43ee74685bc80bf1601e346af863a563

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 88KB - Virtual size: 86KB

.reloc Size: 20KB - Virtual size: 16KB

ae70d01b0b0985ba365a633f49a647e9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 12KB - Virtual size: 10KB

48091d2d27291aa99a7dc85b0a0c6b46

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 368KB - Virtual size: 365KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 822B

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 88KB - Virtual size: 86KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 368KB - Virtual size: 365KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 822B