76b39ffeabf4ce62e122634e2ca8c18b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76b39ffeabf4ce62e122634e2ca8c18b_JaffaCakes118
Size

201KB
MD5

76b39ffeabf4ce62e122634e2ca8c18b
SHA1

3ad6a1b5c1a1c3abc3269acf70574fb38f046b6c
SHA256

9a2886da19f7871c789d5386557b3f46a5650e92cd4a47e03fac20db71d8edf3
SHA512

f30d9efb97614b9dd08eb3bc628ba9e15c7e604084bbbe1b62035a02d0f8665f5331ad37f2ff7c15559a1dbc983d250d93f5957b476e19d8d0f45d76ed401bb9
SSDEEP

6144:6Ub1Qtylygv3yUpBVdsiThr7fF5r/kEGwvD2IOKdEbF+:9b1SEygviUPseXfHrsEGG6nkT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Aerohacks CSS v1.8/ahp.dll
unpack001/Aerohacks CSS v1.8/ahp.exe

Files

76b39ffeabf4ce62e122634e2ca8c18b_JaffaCakes118
.rar
Aerohacks CSS v1.8/ahp.dll
.dll windows:5 windows x86 arch:x86

4e25d9f028eb3202d363a07663197203

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\HomeOffice\Desktop\GBP.pdb

Imports

winmm

timeGetTime

kernel32

GetEnvironmentStrings
GetProcAddress
GetModuleHandleA
VirtualProtect
MultiByteToWideChar
GetModuleFileNameA
Sleep
CreateThread
VirtualQuery
HeapAlloc
GetProcessHeap
ExitProcess
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcess
FlushInstructionCache
FlushFileBuffers
CloseHandle
CreateFileA
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
RtlUnwind
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteFile
RaiseException
LCMapStringW
LCMapStringA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA

user32

ScreenToClient
GetForegroundWindow
GetCursorPos
SetActiveWindow
SetForegroundWindow
GetActiveWindow
SystemParametersInfoA
GetAsyncKeyState

shell32

ShellExecuteA

vstdlib

RandomSeed
KeyValuesSystem
RandomFloat

tier0

DevMsg
Error
Msg
Warning
CommandLine_Tier0
GetCPUInformation
g_pMemAlloc
?DevMsg@@YAXPBDZZ
_AssertValidWritePtr
AssertValidStringPtr
?Lock@CThreadMutex@@QBEXXZ
?Lock@CThreadMutex@@QAEXXZ

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Aerohacks CSS v1.8/ahp.exe
.exe windows:4 windows x86 arch:x86

001b0d4d45aca520c2b39065a69c7b45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516
ord631
ord526
DllFunctionCall
__vbaExceptHandler
ord711
ord607
ord717
ProcCallEngine
ord537
ord644
ord570
ord648
ord573
ord100
ord616
ord618
ord581

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eizq
Size: 16KB - Virtual size: 4KB
Aerohacks CSS v1.8/settings.cfg

Sharing

General

Malware Config

Signatures

Files

4e25d9f028eb3202d363a07663197203

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

vstdlib

tier0

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 11KB - Virtual size: 95KB

.reloc Size: 41KB - Virtual size: 41KB

001b0d4d45aca520c2b39065a69c7b45

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 568B

.eizq Size: 16KB - Virtual size: 4KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 11KB - Virtual size: 95KB

.reloc
Size: 41KB - Virtual size: 41KB

.text
Size: 12KB - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 568B

.eizq
Size: 16KB - Virtual size: 4KB