14ebb31f68bd9e1d0e4c80b4e1414c8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14ebb31f68bd9e1d0e4c80b4e1414c8c_JaffaCakes118
Size

144KB
MD5

14ebb31f68bd9e1d0e4c80b4e1414c8c
SHA1

6f27a50e0cc5a0a8c9227d668ff335fbce8b5b20
SHA256

bdf640dbcba156c1f3c0f3f825fa4baf55d7bd93494c1ebd43ededce046b162b
SHA512

704b24da09a750cf32d745c8331181dedb0f521250560874f0d103b743e4eff2acae2638e66e608b9435ad101dd9d5d706597a88da5e365f0376f8d4968d99d4
SSDEEP

3072:B3l3fVxW3LzmtWuMxWxjRiGIqbnF+IGbNkFvep1iF8ccDxHqeOvKuaOmFprlOS:xlfVQ3LzmzhjRiGI+nFnGbNdiNctHcST

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoZIP/soup.exe
unpack001/SoZIP/sozip.exe

Files

14ebb31f68bd9e1d0e4c80b4e1414c8c_JaffaCakes118
.rar
SoZIP/readme.txt
SoZIP/soup.exe
.exe windows:4 windows x86 arch:x86

02cd49d0c542de0f10d58cc67549c186

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord567
ord825
ord818
ord4275
ord1233
ord5261
ord755
ord470
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6215
ord823
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1105
ord1138
ord2976
ord765
ord800
ord941
ord537
ord858
ord924
ord540
ord939
ord860
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord807
ord796
ord674
ord554
ord529
ord366
ord2494
ord2627
ord2626
ord6000
ord2117
ord6625
ord4457
ord4163
ord5252
ord5981
ord4427
ord1168
ord3402
ord3698
ord2370
ord2302
ord6199
ord6334
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord2086
ord6055
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_chdir
_mkdir
strlen
_stricmp
strcmp
strncpy
strcat
_setmbcp
sprintf
memset
__CxxFrameHandler
_mbsrchr
strcpy
strstr
_controlfp

kernel32

ReleaseMutex
WaitForSingleObject
WinExec
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
GetSystemDefaultLangID
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
CloseHandle
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetVersionExA
GetModuleHandleA
GetProcAddress
CopyFileA
CreateMutexA
GetSystemTime

user32

KillTimer
MessageBoxA
UpdateWindow
FindWindowA
SetTimer
LoadCursorA
EnableWindow
SendMessageA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

urlmon

URLDownloadToFileA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoZIP/sozip.exe
.exe windows:4 windows x86 arch:x86

d33f0a978207351d8ed93be204b4c3a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
CreateThread
ExitThread
GetACP
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
CompareStringA
CompareStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RaiseException
RtlUnwind
GetProfileStringA
SetErrorMode
GetCurrentDirectoryA
WritePrivateProfileStringA
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
FindNextFileA
FindFirstFileA
FindClose
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalFree
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
SetLastError
lstrcpynA
MulDiv
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDiskFreeSpaceA
SetVolumeLabelA
GetTickCount
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
ExitProcess
HeapAlloc
lstrcpyA
GetModuleHandleA
GetProcessHeap
HeapFree
GetLastError
GetLogicalDrives
GetProcAddress
FreeLibrary
GetFileType
LoadLibraryA

user32

RegisterClipboardFormatA
PostThreadMessageA
EnableMenuItem
GetNextDlgTabItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SendMessageA
DrawFocusRect
GetSysColor
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
CharToOemBuffA
OemToCharBuffA
PostMessageA
IsIconic
GetSystemMetrics
DrawIcon
FindWindowA
GetSystemMenu
AppendMenuA
GetDlgItem
SetWindowLongA
GetWindowLongA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetMenuItemCount
CreateCursor
SetCursor
GetClientRect
BeginPaint
GetWindowTextA
DrawTextA
EndPaint
CallWindowProcA
InvalidateRect
UpdateWindow
EnableWindow
LoadIconA
DrawIconEx
IsWindowUnicode
CopyRect
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
CharUpperA
DestroyMenu
LoadStringA
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
PostQuitMessage
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GrayStringA
TabbedTextOutA
GetWindowDC
ClientToScreen
GetDC
ReleaseDC
InflateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
RegisterWindowMessageA
ModifyMenuA
DestroyWindow
SetMenuItemBitmaps
CheckMenuItem

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
Escape
GetTextColor
GetBkColor
LPtoDP
RestoreDC
SaveDC
DeleteDC
DPtoLP
ExtTextOutA
PatBlt
GetMapMode
GetDeviceCaps
CreateBitmap
GetClipBox
DeleteObject
SetTextColor
SetBkColor
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Destroy
ImageList_Create
ImageList_Duplicate

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantClear
SysFreeString
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
SysAllocStringLen

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoZIP/upv.dat
readme.txt
安装软件.bat

Sharing

General

Malware Config

Signatures

Files

02cd49d0c542de0f10d58cc67549c186

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

urlmon

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

d33f0a978207351d8ed93be204b4c3a3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 28KB - Virtual size: 27KB