362c95d2710dbbd3aebcfb7748cce561_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

362c95d2710dbbd3aebcfb7748cce561_JaffaCakes118
Size

72KB
MD5

362c95d2710dbbd3aebcfb7748cce561
SHA1

c22d51c47e820758b3d6cd9c9cee6ccb9fca4844
SHA256

7a23cccc550ef10ecd6f573380334ef95b3b72da7e30f247fcadb2a231e7ed1a
SHA512

76839d6e5c46d8b85d4510c6d260251df70bef5f50f35b112632cc8ce39cf4ba31c0daaf236ff598aaf73950030f155c85f5c0bc77ce561c93c55f6e83c26075
SSDEEP

1536:5AszP9aDo1MF3/sZ3lnePoTr2cNGnpmZEX7NPf8UC4ShJ5CDBkE+:51skmJ/sfe9X7hdOJ56Bo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EquationLaser_752AF597E6D9FD70396ACCC0B9013DBE

Files

362c95d2710dbbd3aebcfb7748cce561_JaffaCakes118
.zip
EquationLaser_752AF597E6D9FD70396ACCC0B9013DBE
.dll windows:5 windows x86 arch:x86

ee845c2ebf05004bb904724010b3d898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
gethostname
gethostbyname
closesocket
sendto
recv
recvfrom
WSAStartup
ioctlsocket
setsockopt
select
__WSAFDIsSet
getsockopt
WSAGetLastError
socket
bind
getsockname

kernel32

SetThreadPriority
GetCurrentThread
CloseHandle
DeviceIoControl
SleepEx
ResumeThread
TerminateThread
WaitForMultipleObjects
GetVersion
ReleaseSemaphore
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetVersionExA
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
GetSystemTimeAsFileTime
lstrcatA
GetComputerNameA
CreateSemaphoreA
GetCurrentProcess
MultiByteToWideChar
WaitForSingleObject
GetSystemTime
CreateMailslotA
WriteFile
ReadFile
GetMailslotInfo
UnmapViewOfFile
lstrcmpiA
MapViewOfFile
CreateFileMappingA
HeapAlloc
GetProcessHeap
lstrcpynA
GetFileSize
HeapFree
SetEvent
CreateEventA
FreeLibraryAndExitThread
GetLastError
GetWindowsDirectoryA
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
CopyFileA
DeleteFileA
SetFileTime
LocalFree
LocalAlloc
SetFileAttributesA
GetFileTime
GetFileAttributesA
FindCloseChangeNotification
FindNextChangeNotification
RemoveDirectoryA
FindFirstChangeNotificationA
CreateDirectoryA
GetModuleHandleA
WideCharToMultiByte
GetLocalTime
GetDriveTypeA
GetVolumeInformationA
ResetEvent
WaitForSingleObjectEx
SetFilePointer
LocalReAlloc
GetCurrentProcessId
GetCurrentThreadId
InterlockedExchange
lstrcpyW
lstrlenW
lstrcmpW
LoadLibraryW
GetDiskFreeSpaceA
GetLogicalDriveStringsA
OpenProcess
GetTempPathA
LocalFileTimeToFileTime
lstrcmpA
FindFirstFileW
CopyFileW
CreateDirectoryW
CreateFileW
DeleteFileW
RemoveDirectoryW
CreateProcessA
CreateProcessW
GetStartupInfoA
GetStartupInfoW
MoveFileA
MoveFileW
WritePrivateProfileStringA
MoveFileExA
MoveFileExW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
CompareFileTime
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
Sleep
lstrlenA
lstrcpyA
GetTickCount
GlobalAlloc
DosDateTimeToFileTime

user32

CharUpperW
CharUpperA
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
ExitWindowsEx
wsprintfA
EnumWindows
GetWindowTextA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseWindowStation
CloseDesktop
CallNextHookEx
GetWindowThreadProcessId

advapi32

RegQueryInfoKeyA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RevertToSelf
LogonUserA
OpenProcessToken
ImpersonateLoggedOnUser
GetUserNameA
RegNotifyChangeKeyValue
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegQueryInfoKeyW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

rand
_endthreadex
_beginthreadex
_except_handler3
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
time
_ftol
memcmp
memmove
qsort
_stricmp
wcscmp
free
strstr
malloc
strcat
realloc
strlen
atol
strcpy
isdigit
sprintf
strcmp
_strupr
exit
wcslen
wcsstr
__dllonexit
_onexit
_initterm
_adjust_fdiv
srand

Exports

Exports

?a73957838_2@@YAXXZ
?a84884@@YAXXZ
?b823838_9839@@YAXXZ
?e747383_94@@YAXXZ
?e83834@@YAXXZ
?e929348_827@@YAXXZ

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee845c2ebf05004bb904724010b3d898

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

version

msvcrt

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 303KB

Shared Size: 512B - Virtual size: 280B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 303KB

Shared
Size: 512B - Virtual size: 280B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB