JaffaCakes118_05da915207fe2b7a54f238fee7828d3cf0cc0db0f0de7993b9ddafdf9077f3bb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_05da915207fe2b7a54f238fee7828d3cf0cc0db0f0de7993b9ddafdf9077f3bb
Size

200KB
MD5

13991e82bc8cdb0b02c390faa8197f9d
SHA1

9c110ef10e4b4ae53cf3933e4de839a2d8f50bc7
SHA256

05da915207fe2b7a54f238fee7828d3cf0cc0db0f0de7993b9ddafdf9077f3bb
SHA512

750fae394893111c68350e84d061f5b6d585944511cdb98e9c1787cc1985444c0a359ab560b0aaeb5f9e2ca639c9c21d8f36272b1d6a227522dba4f024ca27ed
SSDEEP

3072:Iy1a5qq42NojV7lDIYNQ96yfyhp9S67+Ullg0KFirhU/PCd19zFbhms1rheKBRnO:NAGjn26Z7+Urg0KFisQF15rxBLOu/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3c783827c751d8155644f546b2d6b5306a2520fff907a962a669f3f86cf5c9fe.exe
unpack002/araew.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/3c783827c751d8155644f546b2d6b5306a2520fff907a962a669f3f86cf5c9fe.exe	nsis_installer_1
static1/unpack001/3c783827c751d8155644f546b2d6b5306a2520fff907a962a669f3f86cf5c9fe.exe	nsis_installer_2

Files

JaffaCakes118_05da915207fe2b7a54f238fee7828d3cf0cc0db0f0de7993b9ddafdf9077f3bb
.zip

Password: infected
3c783827c751d8155644f546b2d6b5306a2520fff907a962a669f3f86cf5c9fe.exe
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
araew.exe
.exe windows:6 windows x86 arch:x86

6efef9f85f49f493bf76c5f540714d4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrIW
StrRStrIA

kernel32

RtlUnwind
WriteConsoleW
CloseHandle
SetNamedPipeHandleState
SleepEx
LocalReAlloc
DosDateTimeToFileTime
OpenEventW
DeleteTimerQueue
WriteProcessMemory
CreateFileA
GetFileSize
ReadFile
GetTempPathA
HeapAlloc
GetProcessHeap
VirtualAlloc
lstrcatA
EnumSystemCodePagesA
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
DecodePointer
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

shell32

SHBrowseForFolder

wininet

LoadUrlCacheContent
IsHostInProxyBypassList
HttpSendRequestA
FindFirstUrlCacheEntryW
GetUrlCacheEntryInfoExW
SetUrlCacheEntryGroup
HttpSendRequestExW
InternetCanonicalizeUrlA
InternetSetDialState
InternetConfirmZoneCrossing

loadperf

UnloadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

msacm32

acmStreamUnprepareHeader
acmStreamOpen
acmFilterChooseW
acmFilterTagEnumA
acmFilterEnumA
acmMetrics
acmFormatEnumA
acmFormatSuggest
acmDriverID

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
etnvupj.xe
pjlje.e

Sharing

General

Malware Config

Signatures

Files

Password: infected

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 3.6MB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

6efef9f85f49f493bf76c5f540714d4e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

shell32

wininet

loadperf

msacm32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B