f76c0d460f364897505120a1632507ec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f76c0d460f364897505120a1632507ec_JaffaCakes118
Size

339KB
MD5

f76c0d460f364897505120a1632507ec
SHA1

9e39203c6181f636445abd485bf649dce784e6a8
SHA256

590d9e8fd9be7a07b6d474cfc17085cdcdf3a2f7e84b23005e97e0a5760d2bba
SHA512

f662a1594f295caa264866a823e990766d75e95fa5830222e40a92f0a70005b16cfeb903e146c5636cc23d57713d179f27baaf1cb1d59c2efe0453d9603a3c81
SSDEEP

6144:HavcXXgB9+voIN5HN0AuS0/jNhPqzgC8Jqzo321oC2KrozvFrxr:HjXXgB9oHN0VS0/jLPI8JV+oPnt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AeroGlassEffect_By i_placebo.exe
unpack001/visual_viewer.dll

Files

f76c0d460f364897505120a1632507ec_JaffaCakes118
.rar
AeroGlassEffect_By i_placebo.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
project_template.bcp
visual_viewer.dll
.dll windows:4 windows x86 arch:x86

79f04697aaa4e7f59d9bb975ba8f2f76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php4ts

_zend_list_delete
ts_resource_ex
zend_llist_clean
php_info_print_table_end
_array_init
add_assoc_string_ex
add_assoc_long_ex
add_assoc_double_ex
php_strlcpy
zend_fetch_resource
zval_add_ref
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
zend_hash_get_current_key_ex
zend_hash_move_forward_ex
php_body_write
_zend_list_addref
executor_globals_id
call_user_function
convert_to_long
_zval_ptr_dtor
zend_get_parameters_ex
_emalloc
_zval_copy_ctor
_convert_to_string
core_globals_id
php_url_parse_ex
php_error_docref0
php_check_open_basedir
php_checkuid
php_url_free
get_active_function_name
zend_error
zend_llist_add_element
zend_register_resource
zend_wrong_param_count
_estrndup
zend_register_list_destructors_ex
zend_register_long_constant
php_info_print_table_start
php_info_print_table_row
php_file_le_stream
_php_stream_cast
_efree
_ecalloc
zend_llist_init
_erealloc

wsock32

accept
listen
__WSAFDIsSet
gethostbyname
select
WSAGetLastError
inet_addr
WSASetLastError
connect
recv
setsockopt
ioctlsocket
bind
getsockname
socket
WSACleanup
getsockopt
inet_ntoa
htons
ntohs
closesocket
send
WSAStartup

ssleay32

ord87
ord90
ord75
ord43
ord15
ord21
ord242
ord17
ord222
ord6
ord78
ord31
ord235
ord130
ord58
ord127
ord30
ord96
ord86
ord48
ord8
ord74
ord183
ord24
ord49
ord12
ord61
ord243
ord77
ord126
ord113
ord172
ord5
ord157
ord116
ord110
ord141
ord108

libeay32

ord1015
ord809
ord808
ord466
ord468
ord467
ord2254
ord281
ord280
ord654
ord2291
ord2442
ord188
ord1951
ord566
ord227
ord223
ord578
ord579
ord1216
ord2023
ord2075
ord1653
ord1654
ord657
ord585
ord641
ord181
ord653
ord1958
ord680
ord1
ord254
ord2435
ord224
ord298
ord2437
ord2436
ord784

winmm

timeGetTime

msvcrt

fputc
strtoul
atoi
strstr
toupper
tolower
memmove
sscanf
fseek
strncpy
_errno
fgets
fprintf
fputs
strerror
_sys_nerr
_beginthreadex
fflush
_ftol
gmtime
_lseeki64
_fstati64
getenv
mktime
_initterm
_adjust_fdiv
calloc
_strnicmp
_strdup
_stricmp
_open
_close
_read
malloc
_isctype
free
fread
strchr
fwrite
memchr
realloc
fclose
fopen
_stati64
strrchr
time
sprintf
srand
strtol
_pctype
__mb_cur_max
rand
_iob

kernel32

DuplicateHandle
DisableThreadLibraryCalls
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
WaitForMultipleObjects
PeekNamedPipe
GetProcAddress
FreeLibrary
LoadLibraryA
GetCurrentProcess
FormatMessageA
SetEvent
SetLastError
CreateMutexA
CreateEventA
GetTickCount
WaitForSingleObject
ReleaseMutex
TerminateThread
GetExitCodeThread
CloseHandle
SleepEx
GetLastError

Exports

Exports

get_module

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 496KB - Virtual size: 494KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 12B

79f04697aaa4e7f59d9bb975ba8f2f76

Headers

File Characteristics

Imports

php4ts

wsock32

ssleay32

libeay32

winmm

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 28KB - Virtual size: 25KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 496KB - Virtual size: 494KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 28KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 7KB