060d7596fcc0b68558a2819e0417dd73_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

060d7596fcc0b68558a2819e0417dd73_JaffaCakes118
Size

384KB
MD5

060d7596fcc0b68558a2819e0417dd73
SHA1

e54f0f4d4a6a198a14474b8898d665755d59b1be
SHA256

170ca93e6f6264d4e1dbf806c3f6bc046d9a0084439964299967d9f990b593a2
SHA512

816b5582c67b83156980af2062d18c8214268dacf5e3dc9d2d270ffb1952f992ea5f6ada8408842e445e7444102d30d197570222d578e8ca63ef2f14dcf10b48
SSDEEP

12288:ZAqNNgbZbTka6u9NAqRdWmVba9pVBREKrKgeBn:yM2VbQnH4dW+ba9zHGgeBn

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3Dx_video.scr
unpack001/PLAYER.exe
unpack001/video_xxx.scr

Files

060d7596fcc0b68558a2819e0417dd73_JaffaCakes118
.rar
3Dx_video.scr
.exe windows:5 windows x86 arch:x86

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileA
DragFinish
ExtractIconW
ShellExecuteA
ExtractIconExW
Shell_NotifyIconW

ole32

CoSwitchCallContext
OleIsRunning
OleCreateFromFileEx
CoRevokeClassObject

advapi32

ObjectOpenAuditAlarmA
QueryServiceObjectSecurity
ImpersonateLoggedOnUser
ReportEventW
ObjectDeleteAuditAlarmW
AccessCheckByType
OpenBackupEventLogA

kernel32

SetStdHandle
CompareStringW
CloseHandle
HeapSize
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetConsoleTitleA
SetUnhandledExceptionFilter
FileTimeToSystemTime
FreeResource
GetVolumeNameForVolumeMountPointA
GetPrivateProfileSectionW
SizeofResource
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetTimeZoneInformation
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
Sleep
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryW
RaiseException
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLAYER.exe
.exe windows:5 windows x86 arch:x86

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileA
DragFinish
ExtractIconW
ShellExecuteA
ExtractIconExW
Shell_NotifyIconW

ole32

CoSwitchCallContext
OleIsRunning
OleCreateFromFileEx
CoRevokeClassObject

advapi32

ObjectOpenAuditAlarmA
QueryServiceObjectSecurity
ImpersonateLoggedOnUser
ReportEventW
ObjectDeleteAuditAlarmW
AccessCheckByType
OpenBackupEventLogA

kernel32

SetStdHandle
CompareStringW
CloseHandle
HeapSize
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetConsoleTitleA
SetUnhandledExceptionFilter
FileTimeToSystemTime
FreeResource
GetVolumeNameForVolumeMountPointA
GetPrivateProfileSectionW
SizeofResource
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetTimeZoneInformation
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
Sleep
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryW
RaiseException
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
video_xxx.scr
.exe windows:5 windows x86 arch:x86

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileA
DragFinish
ExtractIconW
ShellExecuteA
ExtractIconExW
Shell_NotifyIconW

ole32

CoSwitchCallContext
OleIsRunning
OleCreateFromFileEx
CoRevokeClassObject

advapi32

ObjectOpenAuditAlarmA
QueryServiceObjectSecurity
ImpersonateLoggedOnUser
ReportEventW
ObjectDeleteAuditAlarmW
AccessCheckByType
OpenBackupEventLogA

kernel32

SetStdHandle
CompareStringW
CloseHandle
HeapSize
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetConsoleTitleA
SetUnhandledExceptionFilter
FileTimeToSystemTime
FreeResource
GetVolumeNameForVolumeMountPointA
GetPrivateProfileSectionW
SizeofResource
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetTimeZoneInformation
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
Sleep
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryW
RaiseException
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

advapi32

kernel32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 162KB - Virtual size: 164KB

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

advapi32

kernel32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 100KB - Virtual size: 104KB

be7b5d6c97f6c3553664ea31d87fa619

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

advapi32

kernel32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 162KB - Virtual size: 164KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 162KB - Virtual size: 164KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 100KB - Virtual size: 104KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 162KB - Virtual size: 164KB