17a68c2593c65255392109379f18827b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17a68c2593c65255392109379f18827b_JaffaCakes118
Size

504KB
MD5

17a68c2593c65255392109379f18827b
SHA1

89bc57a583b0a3151df991c5459937ab6c72037f
SHA256

d1d15fb47dd27782a490b8f7aac56ca713fca50603e54642f5ef4e2b1beb8b72
SHA512

5f2abc0316fae6d6463bc2e107a27eb3cd02cfdfaa8de6dbfe993595d41c04a5e9536a56ba0b2f172a35d424d77c33c40ed5ffab836ef1af76f8f35cfaff9812
SSDEEP

12288:UhOdYJFAgBv3r+TMP10fWdNHWWWF0eLLeM5ynFAJM:USaFAgBv3r+TMP106N2WW9LSM5yniJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
17a68c2593c65255392109379f18827b_JaffaCakes118
unpack001/.rsrc/0/BIN/DLL

Files

17a68c2593c65255392109379f18827b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

878ad052f4d7e1e5120e968a45b8c3f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
SetUnhandledExceptionFilter
GetModuleFileNameA
ExpandEnvironmentStringsA
lstrlenA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
ExitProcess
LoadLibraryA
lstrcatA
GetLastError
GetModuleHandleA
GetProcAddress
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

advapi32

CloseServiceHandle
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

strchr
memset
fclose
fwrite
fopen
??2@YAPAXI@Z
memcpy
strstr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_CxxThrowException
__CxxFrameHandler
strlen
_except_handler3

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc/0/BIN/DLL
.dll windows:4 windows x86 arch:x86

38ac6c7fc120de16f1a0ecf8f100d75f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
lstrcpyA
InterlockedExchange
CancelIo
Sleep
GetTickCount
GetProcAddress
LoadLibraryA
FreeLibrary
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
WriteFile
MoveFileA
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
ExitProcess
GetCurrentProcess
GetVersion
DeviceIoControl
WriteProcessMemory
VirtualAllocEx
OpenProcess
MoveFileExA
GetLocalTime
ExpandEnvironmentStringsA
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalAlloc
GlobalSize
CreatePipe
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
ReleaseMutex
OpenEventA
SetUnhandledExceptionFilter
Process32First
GetCurrentThreadId
RaiseException

msvcrt

strlen
strstr
strcat
strcmp
memcmp
_CxxThrowException
rand
putchar
strcpy
puts
sprintf
strncpy
strchr
malloc
free
_except_handler3
strrchr
_ftol
wcscpy
strncat
realloc
atol
wcstombs
_beginthreadex
calloc
_purecall
vsprintf
??1type_info@@UAE@XZ
ceil
memmove
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
memset
_strnicmp
_strnset
_strcmpi

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

oleaut32

SysFreeString

Exports

Exports

main
silenceMain
yaya

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

game
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/2052/BITMAP/109.bmp
.rsrc/2052/CURSOR/1
.rsrc/2052/DIALOG/106
.rsrc/2052/DIALOG/108
.rsrc/2052/GROUP_CURSOR/111
.rsrc/2052/MANIFEST/1
.xml
.rsrc/2052/MENU/107
.rsrc/2052/MENU/108
.rsrc/2052/string.txt
.rsrc/2052/version.txt
.rsrc_1
.text

Sharing

General

Malware Config

Signatures

Files

878ad052f4d7e1e5120e968a45b8c3f4

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 495KB - Virtual size: 495KB

38ac6c7fc120de16f1a0ecf8f100d75f

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

oleaut32

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 399KB

game Size: 2KB - Virtual size: 1KB

.rodata Size: 11KB - Virtual size: 10KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 10KB - Virtual size: 471KB

.CRT Size: 512B - Virtual size: 56B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 495KB - Virtual size: 495KB

.text
Size: 400KB - Virtual size: 399KB

game
Size: 2KB - Virtual size: 1KB

.rodata
Size: 11KB - Virtual size: 10KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 10KB - Virtual size: 471KB

.CRT
Size: 512B - Virtual size: 56B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 19KB - Virtual size: 18KB