Static task
  static1
Behavioral task
  behavioral1
  Sample: GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904.exe
  Resource: win7-20240221-en
Behavioral task
  behavioral2
  Sample: GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904.exe
  Resource: win10v2004-20240508-en
General
  Target: b3e74a076efaa5c85af764c2f88a4840_JaffaCakes118
  Size: 475KB
  MD5: b3e74a076efaa5c85af764c2f88a4840
  SHA1: b0027454dba81841307294d829e10276c061299f
  SHA256: 7ce4641ab9a286961f7dcb95197e9541d75ecfa4282256001579c20d8e15313b
  SHA512: 8f9215cf285138fb45fdbcdc9b73295b502b0d27705957c14e21a41d1f78a403c47c33162c1f2b04451fbb3866a4d3c5a296e440d58b2494e7318e1d8bd6679c
  SSDEEP: 12288:C2DlhW8NPlZfxK7zWx39L3PHvAaB9TKrM:RlxNPllP39bfxjTl
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource unpack001/GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904
Files
  b3e74a076efaa5c85af764c2f88a4840_JaffaCakes118.zip (Password: infected)
  GrayFish_9B1CA66AAB784DC5F1DFE635D8F8A904.exe (windows:4, windows x86, arch:x86)
    35282f2a6887e3b2d79f90b4c1c2e128
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
lstrcmpiA
SetLastError
WaitForSingleObject
SleepEx
ReleaseMutex
InterlockedIncrement
InterlockedExchange
CreateMutexA
InterlockedDecrement
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
CreateFileA
FindClose
FindFirstFileA
GetTickCount
VirtualProtect
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
LockResource
SizeofResource
LoadResource
FindResourceA
SetEvent
CreateEventA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentProcess
GetModuleHandleA
OpenProcess
GetVersionExA
IsBadStringPtrW
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
GetModuleFileNameA
VirtualLock
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
GetStartupInfoA
WriteFile
WideCharToMultiByte
GetModuleFileNameW
IsBadWritePtr
IsBadReadPtr
Sleep
OpenMutexA
TerminateProcess
ResetEvent
lstrlenW
lstrcmpiW
HeapReAlloc
GetEnvironmentVariableA
TerminateThread
CreateThread
QueryPerformanceCounter
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
GetFileAttributesW
MultiByteToWideChar
GetLastError
SetErrorMode
GetTempPathW
GetTempFileNameW
CreateFileMappingW
GetSystemInfo
LoadLibraryExA
LocalAlloc
GetVersion
VirtualAlloc
VirtualFree
OpenMutexW
CreateMutexW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
advapi32
ControlService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceW
OpenServiceW
QueryServiceStatus
StartServiceA
CloseServiceHandle
InitializeSecurityDescriptor
msvcrt
_snprintf
mbstowcs
sprintf
_snwprintf
strrchr
strncpy
_splitpath
strcpy
memset
wcstombs
wcscat
wcschr
wcsrchr
_local_unwind2
wcsncmp
wcsncat
wcsstr
strncat
memcmp
_getpid
wcsncpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_CxxThrowException
wcscpy
strlen
_stricmp
_wcsicmp
_wcsnicmp
_strnicmp
swprintf
wcslen
memcpy
_purecall
malloc
free
__CxxFrameHandler
fseek
fread
_get_osfhandle
memmove
calloc
??2@YAPAXI@Z
fclose
_wfopen
strstr
strcmp
strncmp
??3@YAXPAX@Z
wcscmp
user32
UnregisterClassW
SetPropA
CreateWindowExW
DestroyWindow
Sections
.text Size: 108KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 416KB - Virtual size: 413KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ