6efb565fae0088a62cd69cf75035fd46_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6efb565fae0088a62cd69cf75035fd46_JaffaCakes118
Size

605KB
MD5

6efb565fae0088a62cd69cf75035fd46
SHA1

5d6ee62420112578155df187605a0341939e730b
SHA256

ec93f43612fd23da563aaafec5e4ed8207e3c28cf901d0cfaf575be071f88f99
SHA512

b0e534b6650304748a2e5013039c7ac5d6ad0ae498429bb1f41ebc9cb8db23fe56dc9aac1a5d2ddbc80a37adfaa6957584079c778d2fa6f01d716a03888e71cc
SSDEEP

12288:/CMJdkiX5nPLNb2oc2TzRtC16TTn4S/prroND+BRXNEohaR1j00X7lz0hr:KMJdJ2Szd34CpAN6BZNEfL40XeJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ThunderbirdPassDecryptor.exe

Files

6efb565fae0088a62cd69cf75035fd46_JaffaCakes118
.rar
155绿色软件站.url
.url
ThunderbirdPassDecryptor.exe
.exe windows:5 windows x86 arch:x86

d00c98df975c0d98145984b98eb96e0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\projects\windows\ThunderBirdPassDecryptor\release\ThunderbirdPassDecryptor.pdb

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetModuleFileNameW
GlobalFree
LocalFree
MulDiv
lstrlenA
CreateFileW
CreateFileA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
FormatMessageA
GetTempPathW
LockFileEx
GetSystemTimeAsFileTime
GetSystemTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryW
DeleteFileW
GetFileAttributesW
DeleteFileA
LockFile
UnlockFile
GetFileSize
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
AreFileApisANSI
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
Sleep
SetDllDirectoryA
ExitProcess
WideCharToMultiByte
GetTempPathA
SizeofResource
SetLastError
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
CloseHandle
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetVersionExA
GetLastError
GlobalAlloc
GlobalLock
GetStdHandle
GlobalUnlock

user32

DestroyMenu
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetCursorPos
InflateRect
GetNextDlgGroupItem
PostMessageA
GetCapture
ClientToScreen
WindowFromPoint
DestroyIcon
GetIconInfo
UnregisterClassA
SetActiveWindow
GetSysColorBrush
GetWindowLongA
GetWindowRect
DrawEdge
OffsetRect
SetRectEmpty
DrawStateA
IsWindow
ReleaseDC
GetDC
GetSubMenu
CopyRect
SetWindowLongA
LoadCursorA
ReleaseCapture
GetParent
SetCapture
RedrawWindow
InvalidateRect
PtInRect
SetCursor
GetSystemMetrics
LoadIconA
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
LoadImageA
SendMessageA
EnableWindow
GetSysColor
PeekMessageA

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
SetStretchBltMode
SetDIBitsToDevice
SelectObject
GetObjectA
CreateFontIndirectA
GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontA
CreateSolidBrush

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathFindExtensionA

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 827KB - Virtual size: 826KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00c98df975c0d98145984b98eb96e0f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 519KB - Virtual size: 519KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 11KB - Virtual size: 47KB

.rsrc Size: 827KB - Virtual size: 826KB

.text
Size: 519KB - Virtual size: 519KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 47KB

.rsrc
Size: 827KB - Virtual size: 826KB