8231220cd51cb6cd2db6a8ab2a4c4170_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8231220cd51cb6cd2db6a8ab2a4c4170_JaffaCakes118
Size

1.0MB
MD5

8231220cd51cb6cd2db6a8ab2a4c4170
SHA1

fbda8b1bff58d7e2b062475a4cad72989afe8177
SHA256

f81489b36dc465168f338feae96afa3c99ad6263151f71822f4a5744f184eb86
SHA512

35be0542e247125759394faa1e4965f15edc879dcb8a53102e50fe83fcc1e1ed4a1e6425b2e5ab7ddfb1a68ee8b12ed911365f83f6e5faa3c1221b9b4b66fe23
SSDEEP

24576:qR/ylGrr7IqarTA+nBiV0PtAFJaUf/2Bh7Is2YEKR:qdE+vFa/A+iVYq2Bh79EKR

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/usr/share/dbd/binaries/dbd.exe
unpack002/usr/share/dbd/binaries/dbdbg-stealth.exe
unpack002/usr/share/dbd/binaries/dbdbg.exe

Files

8231220cd51cb6cd2db6a8ab2a4c4170_JaffaCakes118
.xz
8231220cd51cb6cd2db6a8ab2a4c4170_JaffaCakes118
.tar
.MTREE
.gz
.MTREE
.PKGINFO
usr/bin/dbd
.elf linux x64
usr/share/dbd/COPYING
usr/share/dbd/History.md
usr/share/dbd/Makefile
usr/share/dbd/README
usr/share/dbd/TODO
usr/share/dbd/aes.c
usr/share/dbd/aes.h
usr/share/dbd/binaries/dbd-aarch64
.elf linux aarch64
usr/share/dbd/binaries/dbd-aarch64-static
.elf linux aarch64
usr/share/dbd/binaries/dbd-arm7-static-diet
.elf linux arm
usr/share/dbd/binaries/dbd-armv7
.elf linux arm
usr/share/dbd/binaries/dbd-armv7-static
.elf linux arm
usr/share/dbd/binaries/dbd-linux32
.elf linux x86
usr/share/dbd/binaries/dbd-linux32-static
.elf linux x86
usr/share/dbd/binaries/dbd-linux32-static-diet
.elf linux x86
usr/share/dbd/binaries/dbd-ppc64-static
.elf linux ppc64
usr/share/dbd/binaries/dbd-ppc64-static-diet
.elf linux ppc64
usr/share/dbd/binaries/dbd.exe
.exe windows:4 windows x86 arch:x86

3be4197b61e69332cbb983cf55e2642a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FreeConsole
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTime
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
PeekNamedPipe
ReadFile
ReleaseSemaphore
SetUnhandledExceptionFilter
Sleep
TerminateProcess
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

_getpid
_itoa
_kbhit
_read
_strdup
_write
__getmainargs
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_isatty
_onexit
_setmode
_stricmp
atexit
atoi
fprintf
fputc
free
fwrite
getenv
malloc
memcpy
memset
printf
signal
strchr
strerror
strlen
strncmp
strstr
vfprintf

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
usr/share/dbd/binaries/dbdbg-stealth.exe
.exe windows:4 windows x86 arch:x86

917250177f5f686fce0f95e8fc64b8a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTime
GetVersionExA
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
PeekNamedPipe
ReadFile
ReleaseSemaphore
SetUnhandledExceptionFilter
Sleep
TerminateProcess
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

_getpid
_strdup
__getmainargs
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_stricmp
atexit
atoi
exit
fprintf
fputc
free
getenv
malloc
memcpy
memset
signal
strchr
strlen
strncmp
vfprintf

user32

GetMessageA
PostThreadMessageA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
usr/share/dbd/binaries/dbdbg.exe
.exe windows:4 windows x86 arch:x86

0c8929061f56ac7fb5683f791196adc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FormatMessageA
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTime
GetVersionExA
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
LocalFree
PeekNamedPipe
ReadFile
ReleaseSemaphore
SetUnhandledExceptionFilter
Sleep
TerminateProcess
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

_getpid
_strdup
__getmainargs
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_stricmp
atexit
atoi
exit
fprintf
fputc
free
getenv
malloc
memcpy
memset
signal
strchr
strlen
strncmp
strncpy
strstr
vfprintf

user32

GetMessageA
MessageBoxA
PostThreadMessageA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
usr/share/dbd/dbd
.elf linux x64
usr/share/dbd/dbd.c
usr/share/dbd/dbd.h
usr/share/dbd/doexec.c
usr/share/dbd/doexec_unix.h
usr/share/dbd/doexec_win32.h
usr/share/dbd/misc.h
usr/share/dbd/mktarball.sh
.sh linux
usr/share/dbd/pel.c
usr/share/dbd/pel.h
usr/share/dbd/readwrite.h
usr/share/dbd/sha1.c
usr/share/dbd/sha1.h
usr/share/dbd/socket_code.h

Sharing

General

Malware Config

Signatures

Files

3be4197b61e69332cbb983cf55e2642a

Headers

File Characteristics

Imports

kernel32

msvcrt

wsock32

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 372B

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 18KB

.idata Size: 2KB - Virtual size: 2KB

917250177f5f686fce0f95e8fc64b8a8

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

wsock32

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 296B

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 18KB

.idata Size: 2KB - Virtual size: 2KB

0c8929061f56ac7fb5683f791196adc0

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

wsock32

Sections

.text Size: 51KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 372B

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 372B

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 2KB - Virtual size: 2KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 296B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 2KB - Virtual size: 2KB

.text
Size: 51KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 372B

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 2KB