130e123d6f537b42481c916d0e13f046_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

130e123d6f537b42481c916d0e13f046_JaffaCakes118
Size

270KB
MD5

130e123d6f537b42481c916d0e13f046
SHA1

190684ab056ce405524a015e8367984eef1db7b0
SHA256

b247b9bf6d6ffb456265fd7670db0506c7379192df9622022069b0cd96e87704
SHA512

ba2cccb12e13326214b27dc476dad7f3e39973e4367d5b3a1a8599eb77127a0e10c1b7ccb5caaadc40ac11d5f1f05aee330c7954182dd3e1f47975cc856e961f
SSDEEP

6144:Uv1ZbgR0/Vxu1g+a/ko/+ymQVtWphD+iLiZqY+BUoEBEjMcWM:y13u1gFZIQVspzBpBUo/jb

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/MSRC4Plugin.dsm	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/MSRC4Plugin.dsm	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MSRC4Plugin.dsm
unpack002/out.upx
unpack001/Run.exe
unpack001/rssvnc.exe
unpack001/vnchooks.dll

Files

130e123d6f537b42481c916d0e13f046_JaffaCakes118
.7z
Invoice.htm
.html
Logo.gif
.gif
MSRC4Plugin.dsm
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Description
FreeBuffer
GetParams
Reset
RestoreBuffer
SetParams
Shutdown
Startup
TransformBuffer

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Run.exe
.exe windows:4 windows x86 arch:x86

eb0953543d4d36c07d7980e110ec862e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
__vbaGetFxStr4
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaBoolErrVar
ord660
ord661
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
ord662
__vbaLenVar
ord558
__vbaVargVarCopy
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
__vbaCyErrVar
ord592
__vbaVarPow
__vbaForEachCollObj
__vbaVarForInit
ord593
__vbaExitProc
ord300
ord594
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
ord599
ord306
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaFPFix
ord522
ord309
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
ord631
__vbaNextEachCollObj
__vbaVargVarMove
ord525
ord632
__vbaVarCmpGt
__vbaChkstk
ord526
__vbaFileClose
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaStrCmp
ord529
__vbaCyI2
__vbaGet4
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCySub
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
ord568
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
__vbaR4ErrVar
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaR8ErrVar
__vbaFailedFriend
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord532
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaDateVar
ord535
__vbaLsetFixstrFree
ord536
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarSetObj
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
__vbaDerefAry1
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaFpCy
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
ord613
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
__vbaI2ErrVar
ord618
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
__vbaR8IntI4
ord619
__vbaI4Cy
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Settings.dat
logo.bmp
rc4.key
rssvnc.exe
.exe .vbs windows:4 windows x86 arch:x86 polyglot

74164d037514638c90b4df23a3294384

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
accept
gethostname
WSAGetLastError
recv
send
getsockname
getpeername
inet_addr
listen
ioctlsocket
connect
htons
htonl
bind
shutdown
closesocket
socket
setsockopt
WSACleanup
WSAStartup

winmm

timeGetTime

kernel32

CloseHandle
CreateFileA
DeviceIoControl
Sleep
Beep
GetCurrentThreadId
GetSystemDirectoryA
GetSystemTime
FlushFileBuffers
CreateDirectoryA
MoveFileA
SetErrorMode
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetFilePointer
ReadFile
WriteFile
SetFileTime
SystemTimeToFileTime
SetEndOfFile
GetVersionExA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
SetProcessShutdownParameters
TerminateProcess
CreateProcessA
ReleaseMutex
CreateMutexA
GetStdHandle
AllocConsole
MoveFileExA
FormatMessageA
SetLastError
WriteConsoleA
OutputDebugStringA
GetCurrentProcessId
OpenProcess
SearchPathA
GlobalFree
TlsGetValue
TlsFree
TlsAlloc
DuplicateHandle
GetLastError
TlsSetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
DeleteFileA
FreeLibrary
CopyFileA
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
GetVersion
GetModuleHandleA
lstrlenA
GetCurrentProcess
GetStartupInfoA
GetProfileStringA
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr

user32

GetProcessWindowStation
GetUserObjectInformationA
ExitWindowsEx
EnableWindow
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
EnableMenuItem
DestroyMenu
LoadMenuA
ToAscii
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
PeekMessageA
GetMenuItemID
WaitMessage
IsIconic
WaitForInputIdle
GetParent
GetClipboardOwner
GetClipboardData
GetForegroundWindow
IsWindowVisible
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
SetClipboardViewer
IsWindow
EnumWindows
GetWindowTextA
OpenDesktopA
FindWindowA
GetClassNameA
ChangeClipboardChain
DestroyWindow
GetDesktopWindow
WindowFromPoint
GetWindowRect
RegisterWindowMessageA
mouse_event
InvalidateRect
wsprintfA
GetKeyboardState
keybd_event
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetCursorPos
SetCursorPos
GetDC
ReleaseDC
EnumDisplaySettingsA
GetDlgItemTextA
SetFocus
EndDialog
SetWindowTextA
LoadStringA
DialogBoxParamA
GetScrollInfo
PostMessageA
SetDlgItemTextA
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
SystemParametersInfoA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
KillTimer
PostQuitMessage
SetTimer
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
GetSystemMetrics
SetWindowPos
IsRectEmpty
LoadImageA
EnumDesktopWindows

gdi32

BitBlt
CreatePalette
GetBitmapBits
GetObjectA
RealizePalette
CreateDIBSection
SelectPalette
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
ExtEscape
GetSystemPaletteEntries
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
DeleteDC
GetDIBits
CreateDCA
GdiFlush
StretchBlt
DeleteObject

shell32

Shell_NotifyIconA
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoCreateInstance

advapi32

OpenProcessToken
RegCreateKeyExA
RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

_ismbcdigit
atoi
_mbsicmp
memcpy
strcpy
strrchr
strlen
strcat
??3@YAXPAX@Z
__CxxFrameHandler
sprintf
memset
strstr
strcmp
malloc
free
printf
strncpy
memmove
sscanf
__dllonexit
strncat
strchr
tolower
??2@YAPAXI@Z
abs
calloc
fflush
_fdopen
_dup2
_open_osfhandle
_onexit
_exit
_XcptFilter
fclose
_iob
_acmdln
__getmainargs
_initterm
__setusermatherr
_vsnprintf
ctime
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_purecall
strncmp
_snprintf
time
fgets
fopen
exit
setbuf
_beginthreadex
_endthreadex
fprintf
realloc
memcmp
_strdup
_strnicmp
_CxxThrowException
_stricmp

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Sections

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vnchooks.dll
.dll windows:4 windows x86 arch:x86

d292fb49052583a662f72508f13cbc5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetClientRect
PostMessageA
FindWindowA
GetWindowRect
PostThreadMessageA
GetUpdateRgn
ClientToScreen
IsWindowVisible
GetCursor
GetPropA
SetPropA
CallNextHookEx
EnumWindows
RemovePropA
SetWindowsHookExA
UnhookWindowsHookEx
RegisterWindowMessageA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
LCMapStringW
LeaveCriticalSection
Sleep
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

HooksType
SetHooks
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHooks

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

eb0953543d4d36c07d7980e110ec862e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 448KB - Virtual size: 445KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 3KB

74164d037514638c90b4df23a3294384

Headers

File Characteristics

Imports

wsock32

winmm

kernel32

user32

gdi32

shell32

version

comctl32

ole32

advapi32

msvcrt

msvcp60

Sections

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 194KB - Virtual size: 209KB

.rsrc Size: 18KB - Virtual size: 17KB

d292fb49052583a662f72508f13cbc5b

Headers

File Characteristics

Imports

user32

advapi32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.SharedD Size: 4KB - Virtual size: 36B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 448KB - Virtual size: 445KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 194KB - Virtual size: 209KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.SharedD
Size: 4KB - Virtual size: 36B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB