Behavioral tasks
behavioral1 - Sample: Ad Muncher/AM30400.dll - Resource: win7-20240729-en
behavioral2 - Sample: Ad Muncher/AM30400.dll - Resource: win10v2004-20241007-en
behavioral3 - Sample: Ad Muncher/AM30400.dll - Resource: win7-20240708-en
behavioral4 - Sample: Ad Muncher/AM30400.dll - Resource: win10v2004-20241007-en
behavioral5 - Sample: Ad Muncher/AdMunch.dll - Resource: win7-20241010-en
behavioral6 - Sample: Ad Muncher/AdMunch.dll - Resource: win10v2004-20241007-en
behavioral7 - Sample: Ad Muncher/AdMunch.exe - Resource: win7-20240903-en
behavioral8 - Sample: Ad Muncher/AdMunch.exe - Resource: win10v2004-20241007-en
General
Target: 50457eba49f8d3c44a6ca63357d358e2_JaffaCakes118
Size: 1.1MB
MD5: 50457eba49f8d3c44a6ca63357d358e2
SHA1: 875d5dceb68239ebb66a90dc5c5169129f40d988
SHA256: 9de0866b7707cf876be69892c0067fb48eeb4ae01a1c789d2b279f4a359780a4
SHA512: 33f05f3699367af4ca64918cfe6e92213c6acae6d0be81c33242597ff974b4176e63b1dec410b6ff189e2a0c96d9b95c8bd6680bd10aee1b00ee4eda2b5fa0aa
SSDEEP: 24576:g+PVhdo4Rx1QOUOTEdjuOm4aauJ0zP+ERPARrmt:g6Vhq4H1QJOTEdeL5JqPD9AhU
Malware Config
Signatures
-
resource: static1/unpack001/Ad Muncher/AM30400.fre
yara_rule: aspack_v212_v242
-
Unsigned PE (4 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/Ad Muncher/AM30400.dll
unpack001/Ad Muncher/AM30400.fre
unpack001/Ad Muncher/AdMunch.dll
unpack001/Ad Muncher/AdMunch.exe
Files
-
50457eba49f8d3c44a6ca63357d358e2_JaffaCakes118.rar
-
Ad Muncher/AM30400.dll.dll .js windows:1 windows x86 arch:x86 polyglot
5e893abc22692ace70befa297d1738ca
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GlobalFree
VirtualFree
IsBadWritePtr
GlobalSize
GetTempPathA
VirtualProtect
DeleteFileA
ExitProcess
FindClose
IsBadReadPtr
GlobalAlloc
FreeLibrary
WriteFile
WaitForSingleObject
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetSystemDirectoryA
FindFirstFileA
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetVersionExA
CreateFileA
GetSystemTimeAsFileTime
GetDateFormatA
LoadLibraryA
LocalFree
MapViewOfFile
OpenEventA
OpenFileMappingA
OpenMutexA
ReadFile
ReleaseMutex
SetEvent
SetLastError
UnmapViewOfFile
VirtualAlloc
user32
MessageBoxA
InsertMenuItemA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
DestroyMenu
DeleteMenu
CreateMenu
CallNextHookEx
AppendMenuA
LoadMenuA
GetMenuItemInfoA
shell32
ShellExecuteExA
advapi32
FreeSid
GetSecurityDescriptorSacl
GetAce
EqualSid
AllocateAndInitializeSid
Exports
Sections
CODE Size: 22KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Ad Muncher/AM30400.fre.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 39KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 128KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Ad Muncher/AdMunch.dll.dll windows:1 windows x86 arch:x86
191449e9ea4e2a2101cddbea0fcf3723
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetModuleFileNameA
LoadLibraryA
FreeLibrary
Sections
CODE Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Ad Muncher/AdMunch.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.packed Size: 512B - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.RLPack Size: 428KB - Virtual size: 445KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Ad Muncher/Config.dat
-
Ad Muncher/Install.ini
-
Ad Muncher/License.dat
-
Ad Muncher/Registration.dat