2ce83274e07cab5c38d249aaa205f723_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ce83274e07cab5c38d249aaa205f723_JaffaCakes118
Size

166KB
MD5

2ce83274e07cab5c38d249aaa205f723
SHA1

1eaca12b6af559b2f7f4cc0c909dc5bc37fbd993
SHA256

a16db66f64e3fcf468673578fbf5760199976d5f73354449c53f376bd1473462
SHA512

fc968723967cdb9e9c169dc109b138b568a8ffadec2926cbafd2283b07680218ee20272435dc813bf7855fbe020d1e1b16af9b7a5246d93c83e4e06f73786b7c
SSDEEP

3072:GRITSeCcwBctWy0CC1ENSQwCiDnv2Dt0JXBM+WjNsDoPsR3dubWM44wUpdwFYAv:GyxnAy0SN41nv2DiJXBfWjNs6sJdrM4N

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ADVPACK.DLL
unpack001/BaiduBar.dll
unpack001/W95INF32.DLL

Files

2ce83274e07cab5c38d249aaa205f723_JaffaCakes118
.cab
ADVPACK.DLL
.dll windows:5 windows x86 arch:x86

1fd78d8d29fa386675a5a52b8be69185

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

user32

GetSystemMetrics
GetWindowRect
UpdateWindow
CharUpperA
CharToOemA
OemToCharA
DispatchMessageA
MsgWaitForMultipleObjects
ShowWindow
CreateDialogParamA
DestroyWindow
PeekMessageA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
EndDialog
DialogBoxParamA
MessageBeep
MessageBoxA
wsprintfA
CharPrevA
ExitWindowsEx
IsWindow
LoadStringA
CharNextA

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
DeleteObject

kernel32

GetPrivateProfileIntA
_lopen
GetVolumeInformationA
GetDiskFreeSpaceA
GetCurrentProcess
SetFileTime
GetFileTime
MulDiv
WritePrivateProfileSectionA
GetProfileStringA
ReadFile
GetSystemInfo
FindFirstFileA
GetProcAddress
GetLastError
FreeLibrary
lstrcpyA
lstrlenA
GetDriveTypeA
lstrcpynA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
GetModuleFileNameA
lstrcatA
IsBadReadPtr
DeleteFileA
LocalReAlloc
GetFileAttributesA
GetFullPathNameA
lstrcmpiA
FormatMessageA
FindClose
GetLocalTime
SearchPathA
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryExA
_lclose
_llseek
RemoveDirectoryA
FindNextFileA
GetFileSize
OpenFile
SetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileSectionA
CopyFileA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
MoveFileExA
MoveFileA

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegEnumValueA
RegDeleteKeyA
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BaiduBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8effc4f4949a0e42f6d71c0bf61f7ccd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetCloseHandle
FindNextUrlCacheGroup
FindCloseUrlCache
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
GetUrlCacheEntryInfoA
FindFirstUrlCacheGroup
HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetSetFilePointer
HttpSendRequestA
HttpQueryInfoA
DeleteUrlCacheGroup
InternetReadFile

comctl32

ImageList_AddMasked

mfc42

ord6282
ord941
ord6930
ord4202
ord5710
ord6663
ord539
ord5572
ord2915
ord2841
ord2448
ord5450
ord5834
ord6394
ord3876
ord3021
ord6877
ord2411
ord2023
ord4218
ord2578
ord4398
ord6740
ord6502
ord4275
ord2379
ord6705
ord6784
ord6649
ord6283
ord6199
ord537
ord2764
ord6662
ord4278
ord4171
ord6311
ord860
ord535
ord4160
ord3873
ord2818
ord4224
ord1641
ord2121
ord2096
ord6612
ord2639
ord2414
ord3626
ord3571
ord4299
ord1146
ord1644
ord6605
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord4269
ord384
ord808
ord686
ord3731
ord4627
ord5277
ord2124
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3663
ord3396
ord2446
ord540
ord858
ord800
ord1131
ord2725
ord3953
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2107
ord2044
ord2985
ord5300
ord3346
ord1197
ord3136
ord1570
ord3259
ord3147
ord4465
ord5714
ord5289
ord2982
ord4698
ord4079
ord5307
ord2396
ord5199
ord5302
ord3922
ord1116
ord1089
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord5981
ord6215
ord6467
ord2864
ord818
ord567
ord823
ord825
ord1243
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1176
ord342
ord3262
ord3081
ord1182
ord1577
ord1168
ord1575

msvcrt

_strnicmp
_strlwr
wcslen
strncpy
_snprintf
strstr
fputs
fopen
fgets
fclose
wcscpy
wcscmp
memset
strrchr
srand
time
strcpy
memcmp
strlen
strchr
strcat
_stat
_purecall
free
malloc
realloc
_mbschr
atoi
fwrite
fseek
atol
_CxxThrowException
isxdigit
_mbscmp
isalnum
_mbsicmp
_strtime
fread
_vsnprintf
strcmp
printf
strncat
tolower
_endthread
_except_handler3
_local_unwind2
?terminate@@YAXXZ
_beginthread
_memicmp
??1type_info@@UAE@XZ
__dllonexit
_onexit
_adjust_fdiv
toupper
memcpy
__CxxFrameHandler
sprintf
rand
_isctype
isspace
_stricmp
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_strcmpi
_wcsnicmp
_wcsicmp
_initterm

kernel32

FreeLibrary
FlushInstructionCache
GetWindowsDirectoryA
GetCurrentProcess
WriteProcessMemory
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetCurrentThreadId
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
GetSystemDirectoryA
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
MultiByteToWideChar
WriteFile
CreateDirectoryA
CreateFileA
GetLastError
WideCharToMultiByte
lstrlenW
GetUserDefaultLCID
InterlockedDecrement
InitializeCriticalSection
TlsAlloc
lstrcatA
lstrlenA
GetModuleFileNameA
RemoveDirectoryA
TlsFree
DeleteCriticalSection
InterlockedIncrement
HeapFree
GetSystemInfo
GetVersionExA
HeapCreate
GetShortPathNameA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
GetFileAttributesA
LocalFree
FormatMessageA
DeleteFileA
GetTempFileNameA
GetTempPathA
MoveFileExA
GlobalFree
GlobalHandle
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpA
WritePrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
OutputDebugStringA
GetTickCount
CopyFileA
Sleep
LocalAlloc
VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery

user32

InvalidateRect
RedrawWindow
GetClassNameA
GetParent
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
SetWindowPos
InvalidateRgn
DestroyWindow
GetDlgItem
wsprintfA
CreateWindowExA
GetWindowRect
MessageBoxA
MapWindowPoints
GetWindowTextLengthA
GetWindowTextA
GetWindowLongA
EndPaint
OffsetRect
FindWindowA
DialogBoxParamA
GetKeyState
TranslateMessage
DispatchMessageA
SetCursor
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
EndDialog
GetSysColor
CopyRect
SystemParametersInfoA
ShowWindow
FindWindowExA
PostMessageA
IsWindow
SetWindowsHookExA
SendMessageA
CheckDlgButton
GetClientRect
UnhookWindowsHookEx
GetAsyncKeyState
GetFocus
SetFocus
EnableMenuItem
LoadBitmapA
GetActiveWindow
EnableWindow
InsertMenuA
CheckMenuItem
BeginPaint
FillRect
CallNextHookEx
CallWindowProcA
GetDC
ReleaseDC
IsChild
DialogBoxIndirectParamA
GetWindow
GetSubMenu
LoadMenuA
CharNextA
SetWindowTextA
SetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA

gdi32

GetDeviceCaps
GetStockObject
GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

StartServiceA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
RegOpenKeyExA
RegDeleteValueA
CopySid
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
RegOpenKeyA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetMalloc
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
CoInitialize
CoUninitialize
OleLockRunning
StringFromCLSID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize

olepro32

ord253

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
GetErrorInfo

urlmon

CoInternetGetSession

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrStrIA
SHDeleteKeyA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?what@logic_error@std@@UBEPBDXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7logic_error@std@@6B@
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0bad_alloc@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
wctype
??1_Lockit@std@@QAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??1bad_alloc@std@@UAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0_Lockit@std@@QAE@XZ

Exports

Exports

?RegMatch@@YAJPBD0@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Uninstall

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
W95INF16.DLL
W95INF32.DLL
.dll windows:4 windows x86 arch:x86

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_16
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_12
ThunkConnect32
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_8

user32

MessageBoxA

Exports

Exports

CtlSetLddPath32@8
GenFormStrWithoutPlaceHolders32@12
GenInstall32@20
GetSETUPXErrorText32@12
w95thk_ThunkData32

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.inf

Sharing

General

Malware Config

Signatures

Files

1fd78d8d29fa386675a5a52b8be69185

Headers

File Characteristics

Imports

ntdll

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

8effc4f4949a0e42f6d71c0bf61f7ccd

Headers

File Characteristics

Imports

wininet

comctl32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

urlmon

setupapi

version

shlwapi

msvcp60

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 20KB - Virtual size: 52KB

.idata Size: 16KB - Virtual size: 14KB

.rsrc Size: 60KB - Virtual size: 56KB

.reloc Size: 20KB - Virtual size: 18KB

5f75d18fe563266a560ac1f72bd4cae2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 400B

.rdata Size: 512B - Virtual size: 247B

.data Size: 512B - Virtual size: 173B

.idata Size: 512B - Virtual size: 320B

.rsrc Size: 1024B - Virtual size: 908B

.reloc Size: 512B - Virtual size: 92B

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 20KB - Virtual size: 52KB

.idata
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 60KB - Virtual size: 56KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 512B - Virtual size: 400B

.rdata
Size: 512B - Virtual size: 247B

.data
Size: 512B - Virtual size: 173B

.idata
Size: 512B - Virtual size: 320B

.rsrc
Size: 1024B - Virtual size: 908B

.reloc
Size: 512B - Virtual size: 92B