b90e4b62c294b6aec02c30a8caa1b842_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b90e4b62c294b6aec02c30a8caa1b842_JaffaCakes118
Size

33KB
MD5

b90e4b62c294b6aec02c30a8caa1b842
SHA1

7f95eca5171abd93ec4d88dddbab8a4df6829602
SHA256

03117ee948a8020de39e3c64974217a1d5162eac8f97146364644cacf9df5fb6
SHA512

17799e88066d4e1f244cd977fb29c68a5a4feb31b687e1f62e35b357788dc659b1afd6bfc7a05dc2d90e15a51a9e34a4c5ee8f13a71e968bf4bc6d087a86f767
SSDEEP

768:hOnCINMXkipRjTU+A0WyZPs8A7p3Wo7FV+FeyhG72f5kWbzhEFdmp:h3INMXJpRjTbWcPs33WohVR9WJz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hack.dll
unpack001/hack.exe

Files

b90e4b62c294b6aec02c30a8caa1b842_JaffaCakes118
.rar
hack.dll
.dll windows:5 windows x86 arch:x86

527d1c632160a28750dadfa6181856ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\m3n\Desktop\` CSS Public Framework\binary\nt.pdb

Imports

kernel32

GetCurrentProcess
GetProcAddress
Sleep
GetModuleHandleA
FlushInstructionCache
CreateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetModuleFileNameA
GetTickCount
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent

user32

GetAsyncKeyState

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

msvcp90

?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z

vstdlib

RandomFloat
RandomSeed

msvcr90

_CIsin
_CIsqrt
sprintf
_CIatan2
__CxxFrameHandler3
free
mbstowcs
_CIcos
vsprintf
memset
_CIatan
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove_s
atof
tolower
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_CIacos
??0exception@std@@QAE@ABQBD@Z
malloc

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack.exe
.exe windows:4 windows x86 arch:x86

c4e4b03fa3075d0d68900e9aefe97a7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Documents and Settings\jdc\Desktop\Visual Studio Projects\Copy of Copy of loader\Release\anti-leak.pdb

Imports

kernel32

CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Sleep
lstrcmpA
Process32Next
Process32First
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
VirtualProtect
GetLocaleInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetSystemInfo

user32

FindWindowA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
settings.txt

Sharing

General

Malware Config

Signatures

Files

527d1c632160a28750dadfa6181856ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp90

vstdlib

msvcr90

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 146KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 4KB - Virtual size: 3KB

c4e4b03fa3075d0d68900e9aefe97a7e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 146KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 2KB