66128a1a8fdde916c029a781bdce3bd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66128a1a8fdde916c029a781bdce3bd8_JaffaCakes118
Size

123KB
MD5

66128a1a8fdde916c029a781bdce3bd8
SHA1

0832bdbacf9ceb809b17cb279d08d6df8cf862d5
SHA256

ad5c0a1be053ea7de269bd249bb66e3d27dff8353e516aa01c12714ae8f2cd10
SHA512

4f2561a83ec7b1189194a4f8e90c6d98e137512190ba27d911e2ea59bb51b602d3ba58c2a658ad14e05b17785752f0875a5b5cb4ba1b5a6b82726e22bccc2a59
SSDEEP

3072:a1OnnZnX3pJmmQpV11X9KReu9vLT2mj0U:a1mZnpJjQv1vKR/hLKY0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66128a1a8fdde916c029a781bdce3bd8_JaffaCakes118

Files

66128a1a8fdde916c029a781bdce3bd8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Frk7\Desktop\Nohrpmeplease\h3rpes\Herpes4\Release\Herpes.pdb

Imports

d3d9

Direct3DCreate9

ws2_32

gethostbyname
WSAStartup
gethostname
inet_ntoa

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipGetImageEncoders

kernel32

lstrcpyA
CreateFileA
GetFileSize
lstrcmpA
SetFilePointer
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
GetVolumeInformationA
Sleep
ReadFile
lstrcmpiA
CopyFileA
SetFileAttributesA
GetModuleFileNameA
CloseHandle
DeleteFileA
CreateThread
HeapCreate
FlushFileBuffers
GetSystemTime
ExitProcess
SetErrorMode
GetCurrentProcess
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
GetLastError
EnterCriticalSection
VirtualAllocEx
OpenMutexA
Process32Next
GetModuleHandleA
GetTempPathA
CreateToolhelp32Snapshot
WriteProcessMemory
GetComputerNameA
GetEnvironmentVariableA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
LoadLibraryW
RtlUnwind
GetStringTypeW
lstrcatA
GetTickCount
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapReAlloc
LeaveCriticalSection
CreateMutexA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
WriteConsoleW
VirtualAlloc
CreateFileW
GetStdHandle

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA

user32

GetWindowDC
PostQuitMessage
LoadStringA
LoadIconA
BeginPaint
TranslateMessage
MessageBoxA
CreateWindowExA
TranslateAcceleratorA
RegisterClassExA
DefWindowProcA
LoadAcceleratorsA
DispatchMessageA
UpdateWindow
LoadCursorA
DialogBoxParamA
GetKeyState
GetForegroundWindow
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
wvsprintfA
wsprintfA
GetMessageA
DestroyWindow
SwapMouseButton
EndPaint
GetSystemMetrics
EndDialog

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SaveDC
RestoreDC
BitBlt

advapi32

CryptReleaseContext
RegCloseKey
AdjustTokenPrivileges
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
LookupPrivilegeValueA
LookupAccountSidA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
OpenProcessToken
CryptAcquireContextA
RegOpenKeyExA
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
CryptDestroyHash
CryptHashData
CryptGetHashParam

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.injcd
Size: 1024B - Virtual size: 907B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

ws2_32

gdiplus

kernel32

wininet

user32

gdi32

advapi32

shell32

Sections

.text Size: 78KB - Virtual size: 77KB

.injcd Size: 1024B - Virtual size: 907B

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 78KB - Virtual size: 77KB

.injcd
Size: 1024B - Virtual size: 907B

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB