37ab74db489a7b6df3ec3ca37272bd5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37ab74db489a7b6df3ec3ca37272bd5d_JaffaCakes118
Size

317KB
MD5

37ab74db489a7b6df3ec3ca37272bd5d
SHA1

1d514ed3cb1261d65f4e6d18d933a549f5b9bdf4
SHA256

e434051a4c95afbf6cc2a7c2d1b93c4ce9ca2171c17a51ab6a4aaf6afcb069f7
SHA512

c83ed7a7d897bcb3438209aaf2b758d6513b07af207aa9e3db1217392621ea3bf24d231e0f5cf26de90a4f3c9c08b9569e0f2a4bc0af7c664b395125f3de5c31
SSDEEP

6144:+FMWZE5uPOz3ou/nNpqbOj+AylcYEKBtLx5+4NIJvylyv7P+Zus3QXGSAhrrlwpM:3a2z4yn7qbOjElcPYLxc4NIJCyvj+ZlT

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iNFECTED/i-rgstp.exe
unpack001/iNFECTED/i-scldr.exe
unpack001/iNFECTED/storm.dll

Files

37ab74db489a7b6df3ec3ca37272bd5d_JaffaCakes118
.zip
File_id.diz
iNFECTED.nfo
iNFECTED/i-rgstp.exe
.exe windows:5 windows x86 arch:x86

36adf98bf14b958e200e7ac070c22d45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCanonicalizeA
StrFormatByteSizeW
StrFormatKBSizeW
PathStripToRootW

shell32

ord716

kernel32

FatalAppExitW
SetFileApisToOEM
CreateEventW
SetCommConfig
OpenEventW
SetHandleCount
SetFileTime
GetProfileStringW
TlsGetValue
CreateTimerQueue
SetupComm
FileTimeToDosDateTime
SetProcessWorkingSetSize
LoadLibraryW
WaitForSingleObjectEx
CreateDirectoryW
lstrcpynA
CreateMutexA
lstrcmpiW
GetLogicalDriveStringsA
DisconnectNamedPipe
RequestDeviceWakeup

user32

DlgDirListW
EndMenu
EnableWindow
ClipCursor
TileWindows
UnionRect
MapVirtualKeyA
ScrollDC
GetDC
GetScrollRange
EnumWindows
LoadBitmapA
CopyImage
DialogBoxIndirectParamW
ChangeMenuW
DragObject
IsCharUpperA
GetDlgItemTextA
LookupIconIdFromDirectory
EnumPropsW
SwapMouseButton
DestroyAcceleratorTable
LockWorkStation
LoadMenuIndirectW
CopyAcceleratorTableA
DrawTextExW
TranslateMessage
SetRect
InvalidateRect
GetAltTabInfoA
PeekMessageW
GetRawInputDeviceInfoA
GetTabbedTextExtentA
GetMenuContextHelpId
EnableScrollBar
PostThreadMessageW
MessageBoxW
MapWindowPoints
DispatchMessageW
GetTopWindow
GetWindowRect

gdi32

GetTextExtentPointW
GetMetaRgn
GetOutlineTextMetricsA
CreateBitmapIndirect
SetMetaFileBitsEx
AnimatePalette
GetBitmapBits
ScaleWindowExtEx
GetBrushOrgEx
SetLayout
EnumEnhMetaFile
AbortPath
ExtTextOutW
GetTextExtentExPointI
RealizePalette

advapi32

ClearEventLogA
InitializeAcl
AddAccessAllowedObjectAce
CopySid
GetCurrentHwProfileA
IsTextUnicode
AddAce

Exports

Exports

__SetPropW@12

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bmem
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedat
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iNFECTED/i-scldr.exe
.exe windows:1 windows x86 arch:x86

ae34c05cd079a5f0bd4cc8743d72dbb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
ExitProcess
CreateProcessA
ReadProcessMemory
SetUnhandledExceptionFilter
WriteProcessMemory
GetModuleHandleA

user32

MessageBoxA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LOAD
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
iNFECTED/install.txt
iNFECTED/storm.dll
.dll windows:4 windows x86 arch:x86

4c5de46144b7a7771d49d0db72fc902c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

_strupr
wcstombs
wcslen
setlocale
_vsnprintf
strpbrk
toupper
_fullpath
_purecall
vsprintf
memmove
qsort
_CIpow
_strlwr
_global_unwind2
_local_unwind2
strncmp
_strnicmp
strtol
strtoul
strstr
_stricmp
strrchr
isprint
strncpy
sprintf
_ftol

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
GetUserNameA

comdlg32

GetSaveFileNameA

gdi32

DeleteDC
CreateDIBitmap
DeleteObject
CreateRectRgn
CombineRgn
GdiFlush
GetRegionData
RectInRegion
GetStockObject
SetTextColor
GetCharABCWidthsA
SetBkMode
SelectObject
GetTextExtentPoint32A
SetTextAlign
GetCurrentObject
GetTextMetricsA
CreateCompatibleDC
CreateFontA
SetBkColor
SelectPalette
CreatePalette
GetSystemPaletteEntries
RealizePalette
SetPaletteEntries
GetDeviceCaps
GetDIBits
ExtTextOutA
Rectangle

kernel32

GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedDecrement
GetComputerNameA
GetLocalTime
GetModuleFileNameA
InterlockedIncrement
IsBadWritePtr
GetCurrentThread
GetLastError
GetCurrentProcess
IsBadReadPtr
GetModuleHandleA
VirtualQuery
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
GetCommandLineA
GetTickCount
MulDiv
GetCurrentProcessId
LockResource
LoadResource
FindResourceA
FreeResource
SizeofResource
ExitProcess
HeapFree
GetProcessHeap
GetCurrentThreadId
TerminateProcess
GetExitCodeProcess
GetVersion
GetFileAttributesA
CreateDirectoryA
OutputDebugStringA
FindClose
FindFirstFileA
FormatMessageA
HeapAlloc
SetLastError
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
WaitForSingleObject
SetFilePointer
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
SetThreadPriority
CreateThread
CreateEventA
VirtualFree
FlushFileBuffers
VirtualAlloc
GetSystemInfo
VirtualUnlock
FindNextFileA
SystemTimeToFileTime
GetSystemTime
VirtualLock
Sleep
CreateProcessA
DeleteFileA
GetACP
GetTempFileNameA

user32

DefDlgProcA
SendDlgItemMessageA
wsprintfA
LoadStringA
BeginPaint
SetClassLongA
GetClassLongA
GetUpdateRgn
GetWindowLongA
IsWindow
GetPropA
GetClassNameA
GetParent
GetClientRect
IsIconic
IsWindowVisible
GetDesktopWindow
GetWindow
IntersectRect
ClientToScreen
ShowCursor
GetCursorPos
GetTopWindow
ScreenToClient
GetWindowRect
PostMessageA
GetClassInfoA
RegisterClassA
LoadCursorA
DefWindowProcA
InvalidateRect
SetPropA
EndPaint
DrawTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageA
GetDlgCtrlID
RemovePropA
SetWindowLongA
SetDlgItemTextA
CallWindowProcA
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowEnabled
ReleaseDC
GetDC
SetCursor
DrawFocusRect
DrawEdge
CreateWindowExA
SetFocus
DispatchMessageA
TranslateMessage
PostQuitMessage
PeekMessageA
ShowWindow
AdjustWindowRectEx
GetWindowThreadProcessId
GetFocus
EndDialog
DestroyWindow
IsDialogMessageA
GetDlgItem
FindWindowExA
LoadIconA
CreateCursor
GetSystemMetrics
MessageBoxA
GetForegroundWindow
DestroyCursor
GetMessageA
GetDlgItemTextA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36adf98bf14b958e200e7ac070c22d45

Headers

File Characteristics

Imports

shlwapi

shell32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.extext Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 332B

.bmem Size: 512B - Virtual size: 68B

.sedat Size: 1024B - Virtual size: 844B

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 2KB - Virtual size: 1KB

ae34c05cd079a5f0bd4cc8743d72dbb1

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.LOAD Size: 512B - Virtual size: 4KB

4c5de46144b7a7771d49d0db72fc902c

Headers

File Characteristics

Imports

crtdll

advapi32

comdlg32

gdi32

kernel32

user32

version

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 27KB

.CRT Size: 4KB - Virtual size: 244B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 15KB - Virtual size: 14KB

.extext
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 332B

.bmem
Size: 512B - Virtual size: 68B

.sedat
Size: 1024B - Virtual size: 844B

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 2KB - Virtual size: 1KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.LOAD
Size: 512B - Virtual size: 4KB

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 27KB

.CRT
Size: 4KB - Virtual size: 244B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 12KB