034023777ed499be4c118b13c82b6817_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

034023777ed499be4c118b13c82b6817_JaffaCakes118
Size

2.1MB
MD5

034023777ed499be4c118b13c82b6817
SHA1

a17f4a4a58ca56f1d717e3808eeefe626d00e3d8
SHA256

bd20e4f106844d23fcbe636376a83f9ae1a4a2121d461ff2db88af09fb446399
SHA512

c70c811df016326905ddb5f63c87c8c12602cf2128e47a4d78864afa3c1a5c11e6d64327e1bd9a5e58440376478be4d68dfe118db258bb631cd05afa7893bf37
SSDEEP

49152:ig8HOzHagXiVfmq96+vf8IdoBpjuw26Djd24P+LvE6UrS8LW+:ig8HwHzyVfbV38pBpjuw2k20+LvwSq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/greenpois0n.exe

Files

034023777ed499be4c118b13c82b6817_JaffaCakes118
.zip
README
greenpois0n.exe
.exe windows:4 windows x86 arch:x86

d34852da8ad09b9b8288fa24980f0f93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comctl32

InitCommonControlsEx

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

wldap32

ber_free
ldap_err2stringA
ldap_first_attributeA
ldap_first_entry
ldap_get_dnA
ldap_get_values_lenA
ldap_initA
ldap_memfreeA
ldap_msgfree
ldap_next_attributeA
ldap_next_entry
ldap_search_sA
ldap_set_optionA
ldap_simple_bind_sA
ldap_sslinitA
ldap_unbind_s
ldap_value_free_len

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

gdi32

CreateFontA
GetStockObject

kernel32

CancelIo
CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCommandLineA
GetExitCodeThread
GetFileType
GetLastError
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStartupInfoA
GetStdHandle
GetTickCount
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
ReadFile
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_open
_read
_strdup
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fstati64
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_stati64
_stricmp
_strnicmp
_sys_nerr
_winmajor
abort
atexit
atoi
calloc
fclose
fflush
fgets
fopen
fprintf
fputc
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
malloc
mbstowcs
memchr
memcpy
memmove
printf
putchar
puts
qsort
realloc
rewind
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
system
time
tolower
vfprintf
wcslen
wcstombs

user32

BeginPaint
CreateWindowExA
DefWindowProcA
DispatchMessageA
EnableWindow
EndPaint
GetMessageA
GetSystemMetrics
GetWindowRect
InvalidateRect
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MoveWindow
PeekMessageA
PostQuitMessage
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Խ��4.21�̳�.txt

Sharing

General

Malware Config

Signatures

Files

d34852da8ad09b9b8288fa24980f0f93

Headers

File Characteristics

Imports

comctl32

setupapi

wldap32

wsock32

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 267KB - Virtual size: 266KB

.data Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.eh_fram Size: 512B - Virtual size: 288B

.bss Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 75KB - Virtual size: 75KB

.text
Size: 267KB - Virtual size: 266KB

.data
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.eh_fram
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 75KB - Virtual size: 75KB