JaffaCakes118_642491c1e3571edccffde78785eb27b8fc4d302ad4b807ff4b6bce88628aa064

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_642491c1e3571edccffde78785eb27b8fc4d302ad4b807ff4b6bce88628aa064
Size

1.1MB
MD5

ecfee92615a6c99f3e9a71e4e7978bbb
SHA1

a1adbaa79b548de46fa971b65a05f7754adc3b4a
SHA256

642491c1e3571edccffde78785eb27b8fc4d302ad4b807ff4b6bce88628aa064
SHA512

b8841f8606f135efb6cbd053de605b70e6c78e04c56d56202d2fcc8c176a90523471cad75e35cd2587ea35b3ef80794df3506a543dec07b628fd6fa9c997059c
SSDEEP

24576:CwjCjQgGZ6E4+KaHRCGd0cLlBW1SJFjnrp17sGghYE4IqY:VjCNEBxCGd0KlBWsFjndeGuYEZqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_642491c1e3571edccffde78785eb27b8fc4d302ad4b807ff4b6bce88628aa064

Files

JaffaCakes118_642491c1e3571edccffde78785eb27b8fc4d302ad4b807ff4b6bce88628aa064
.dll windows:6 windows x86 arch:x86

b8605f7e1e66691d97773fdecfff8b81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\141\Press_this\job-operate\Forest\also.pdb

Imports

kernel32

GetDateFormatA
ResetEvent
GetWindowsDirectoryA
GetLocalTime
VirtualProtectEx
GetProcessHeap
CreateDirectoryA
GetSystemTime
CreateSemaphoreA
QueryPerformanceCounter
WaitForSingleObjectEx
OutputDebugStringW
LockResource
CreateFileW
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
OpenProcess
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetVersionExA
GetSystemDirectoryA
CreateFileA
CopyFileA
OutputDebugStringA
Sleep
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetTimeZoneInformation
SetConsoleCtrlHandler
HeapReAlloc
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
GetModuleHandleA
VirtualAlloc
VirtualFree
FreeEnvironmentStringsW
VirtualProtect
MultiByteToWideChar
GetLastError
FormatMessageW
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
GetCurrentThread
GetACP
HeapFree
GetStdHandle
GetFileType
CloseHandle
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
CreateProcessW
GetFileAttributesExW
GetDateFormatW
GetTimeFormatW
IsValidLocale
CreateThread

user32

EnumWindows
GetCursorPos
ReleaseDC
GetFocus
CallNextHookEx
GetClassInfoExA
GetKeyNameTextA
CallWindowProcA
GetWindowLongA
GetWindowTextLengthA
DefWindowProcA
SetFocus
AppendMenuA
RegisterClassExA

gdi32

GetTextExtentPoint32A
SetPixel
PatBlt
StretchBlt
SelectObject

ole32

OleUninitialize
OleSetContainedObject
OleInitialize

shlwapi

PathUnquoteSpacesA
PathRemoveArgsA
PathRemoveBlanksW
PathRemoveBackslashW
PathStripPathA

secur32

FreeContextBuffer
QueryContextAttributesA
AcceptSecurityContext
QuerySecurityPackageInfoA
InitializeSecurityContextA

comctl32

ImageList_Draw
ImageList_DragEnter
ImageList_ReplaceIcon
ImageList_DragLeave

Exports

Exports

Anegg
Carrybear
GentleCross
Thosedoes
Wishrope

Sections

.text
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8605f7e1e66691d97773fdecfff8b81

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

shlwapi

secur32

comctl32

Exports

Exports

Sections

.text Size: 589KB - Virtual size: 588KB

.rdata Size: 492KB - Virtual size: 491KB

.data Size: 7KB - Virtual size: 92KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 589KB - Virtual size: 588KB

.rdata
Size: 492KB - Virtual size: 491KB

.data
Size: 7KB - Virtual size: 92KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 20KB