369a04cc5ac8b42b1a94bee38b19d99d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

369a04cc5ac8b42b1a94bee38b19d99d_JaffaCakes118
Size

233KB
MD5

369a04cc5ac8b42b1a94bee38b19d99d
SHA1

de13e5754dd0975960c44bce27f8609e08c1fe20
SHA256

77671bc7f81509cfe65dfec828e9e5510560dd59153a7938c471781cef315cb4
SHA512

c4b5791d9641e41e22a8420d7dac9158f5c737c595e6af1e46dbec0ce82daffc42a98122e099497969abb7b7704c5fc5c71cc6d57525946ef92519101cbd109a
SSDEEP

6144:BjVJbJlkB5i/yFVaGx9KDawGrJLDzc1lXc4F31e:lzFu5iavaGx9d5D41lsQ31e

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/System/bars.mdx
unpack001/System/ctl_gen.mdx
unpack001/System/mdx.dll
unpack001/System/system.dll
unpack001/System/views.mdx

Files

369a04cc5ac8b42b1a94bee38b19d99d_JaffaCakes118
.zip
Changes.txt
Readme.txt
System/Bmp/0.bmp
System/Bmp/1.bmp
System/Bmp/10.bmp
System/Bmp/11.bmp
System/Bmp/12.bmp
System/Bmp/13.bmp
System/Bmp/14.bmp
System/Bmp/15.bmp
System/Bmp/2.bmp
System/Bmp/3.bmp
System/Bmp/4.bmp
System/Bmp/5.bmp
System/Bmp/6.bmp
System/Bmp/7.bmp
System/Bmp/8.bmp
System/Bmp/9.bmp
System/Sfx/0.wav
System/Sfx/1.wav
System/Sfx/10.wav
System/Sfx/2.wav
System/Sfx/3.wav
System/Sfx/4.wav
System/Sfx/5.wav
System/Sfx/6.wav
System/Sfx/7.wav
System/Sfx/8.wav
System/Sfx/9.wav
System/Themes/Default.axt
System/Themes/None.axt
System/Themes/def-cqdbg.png
.png
System/Themes/def-pb.png
.png
System/Themes/def-sbbg.png
.png
System/Themes/def-tbbg.png
.png
System/Themes/none-pb.png
.png
System/alias1.mrc
.js
System/awaysys.mrc
.js
System/awmsgs.txt
System/axisupd.mrc
.js
System/bars.mdx
.dll windows:4 windows x86 arch:x86

e7b97747c8dfd2e31edb5c80dd0e24a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadImageA
GetKeyState
EnableWindow
GetClientRect
FillRect
LoadIconA
DestroyIcon
GetWindowLongA
DefWindowProcA
SendMessageA
InvalidateRect

gdi32

SelectObject
DeleteObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
StretchBlt

shell32

ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
ImageList_Replace

msvcrt

??3@YAXPAX@Z
_stricmp
free
_initterm
??2@YAPAXI@Z
_itoa
_adjust_fdiv
strncpy
malloc
atoi

kernel32

DisableThreadLibraryCalls

Exports

Exports

getMDXHeader

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System/ctl_gen.mdx
.dll windows:4 windows x86 arch:x86

766a64a176560fc7f9009441e3bc8cf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
LoadLibraryA
DisableThreadLibraryCalls
CloseHandle
FreeLibrary
ReadFile

user32

SetWindowPos
SetWindowLongA
InvalidateRect
SetScrollPos
MessageBoxA
CreateWindowExA
MoveWindow
EnableWindow
GetCursorPos
ScreenToClient
SetScrollInfo
GetScrollInfo
GetScrollPos
DefWindowProcA
SendMessageA
GetWindowLongA
GetSysColor

comctl32

InitCommonControlsEx

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetMalloc

msvcrt

malloc
_initterm
free
wcslen
strncmp
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
strncpy
_adjust_fdiv
__dllonexit
_stricmp
_itoa
_onexit

Exports

Exports

getMDXHeader

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System/dialogs1.mrc
.js
System/dialogs2.mrc
System/events1.mrc
System/events2.mrc
.js
System/events3.mrc
.js
System/help.txt
System/icons.dat
System/kicks.txt
System/list.ini
System/list.mrc
.js
System/mdx.dll
.dll windows:4 windows x86 arch:x86

78f5e7cb9c8835d4c588249dfe8a8537

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameA

user32

EnableWindow
ShowWindow
SendMessageA
SetWindowPos
GetDlgCtrlID
GetWindow
MoveWindow
GetActiveWindow
GetWindowLongA
SetWindowLongA
GetDlgItem
GetClassNameA
CreateWindowExA
SetFocus
DestroyWindow
GetSysColorBrush
GetSysColor
CallWindowProcA
DestroyIcon
InvalidateRgn
RedrawWindow
GetClassLongA
EnumChildWindows
GetClientRect
GetWindowRect
ScreenToClient
PostMessageA
GetParent

gdi32

CreateBrushIndirect
CreateFontIndirectA
GetTextFaceA
GetTextMetricsA
DeleteDC
SetBkColor
SetTextColor
CreateCompatibleDC
DeleteObject
GetObjectA
SelectObject

shell32

ExtractIconExA

msvcrt

_itoa
_adjust_fdiv
malloc
_initterm
free
strncpy
strtol
atoi
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp

Exports

Exports

DLLInfo
GetFont
MarkDialog
MoveControl
Remove
SetBorderStyle
SetColor
SetControlMDX
SetDialog
SetFont
SetMDXStyle
SetMircVersion

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System/misc1.mrc
.js
System/motd.txt
System/popups1.ini
System/popups1.mrc
System/raw.mrc
.js
System/soundsys.mrc
.js
System/startup.mrc
.js
System/system.dll
.dll windows:4 windows x86 arch:x86

c315a153283f36e58ca539cb0bda5faa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetTickCount
GetProcAddress
GlobalMemoryStatus
FreeLibrary
Sleep
lstrcmpiA
GetVersionExA
FreeEnvironmentStringsW
WriteFile
VirtualAlloc
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
LoadLibraryA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
GetOEMCP
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle

user32

ReleaseDC
GetDC
GetDesktopWindow

gdi32

GetDeviceCaps

advapi32

RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey

Exports

Exports

connection
cpuinfo
meminfo
osinfo
rambar
screeninfo
uptime
version

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System/theme.mrc
.js
System/uptime.txt
System/vars.ini
System/views.mdx
.dll windows:4 windows x86 arch:x86

307dac9cb24d94f25c7e01f0f198f33c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

InvalidateRect
UpdateWindow
DefWindowProcA
SendMessageA
DestroyIcon
LoadIconA
GetWindowLongA

shell32

ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

msvcrt

atoi
free
_initterm
??2@YAPAXI@Z
_strnicmp
_itoa
_stricmp
_adjust_fdiv
??3@YAXPAX@Z
strncpy
malloc

kernel32

DisableThreadLibraryCalls

Exports

Exports

getMDXHeader

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 873B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mirc.ini

Sharing

General

Malware Config

Signatures

Files

e7b97747c8dfd2e31edb5c80dd0e24a5

Headers

File Characteristics

Imports

user32

gdi32

shell32

comctl32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 772B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 738B

766a64a176560fc7f9009441e3bc8cf3

Headers

File Characteristics

Imports

kernel32

user32

comctl32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 982B

78f5e7cb9c8835d4c588249dfe8a8537

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

c315a153283f36e58ca539cb0bda5faa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 8KB - Virtual size: 4KB

307dac9cb24d94f25c7e01f0f198f33c

Headers

File Characteristics

Imports

user32

shell32

comctl32

msvcrt

kernel32

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 772B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 738B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 982B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 873B

.data
Size: 1024B - Virtual size: 824B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 634B