0317d5ed5d44a805a911aff7d8576d48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0317d5ed5d44a805a911aff7d8576d48_JaffaCakes118
Size

712KB
MD5

0317d5ed5d44a805a911aff7d8576d48
SHA1

213a9cf5a302220f4723644917c553624b508969
SHA256

d8f7586b5900da38432e286c0536ab848852a774c9adc98b1878b67ce6f34544
SHA512

327856dd49751d2cf450ef200efca93eb9f9f49ee5cf3ea834c5e06649bf0c815d28b298d47bc73a657047e0f3069b472383eb2b89df2581474ada64389a9f08
SSDEEP

6144:F7ZGCtQQQT3zgYURWHo0N0FCJfTXeQ4hGvAJkcTOwL2PfgaNHpbsMaSVkmOFpuJ6:FcamjF20N/THgyfgcHASVhc57My

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0317d5ed5d44a805a911aff7d8576d48_JaffaCakes118

Files

0317d5ed5d44a805a911aff7d8576d48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef4fb98f6f79cfd658e81584461ee013

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cygcrypto-0.9.8

EVP_md5
EVP_sha1
HMAC
HMAC_CTX_cleanup
HMAC_CTX_init
HMAC_Final
HMAC_Init_ex
HMAC_Update
RC4
RC4_set_key
SHA1_Final
SHA1_Init
SHA1_Update

cygwin1

__assert
__errno
__getreent
__main
_ctype_
_fopen64
_getuid32
_impure_ptr
_setuid32
atoi
calloc
close
connect
cygwin_internal
dll_crt0__FP11per_process
dlopen
dlsym
fclose
fprintf
fread
free
fseek
ftell
fwrite
getc
getopt_long
gettimeofday
inet_aton
malloc
memcpy
memset
optarg
optind
perror
pipe
printf
pthread_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
putchar
puts
rand
read
realloc
recv
rewind
select
send
sleep
snprintf
socket
sprintf
srand
sscanf
strcat
strchr
strcmp
strdup
strerror
strlen
strncat
strncpy
strstr
time
usleep
write

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

iphlpapi

AddIPAddress
DeleteIPAddress
GetAdaptersInfo

kernel32

CloseHandle
CreateFileA
DeviceIoControl
GetLastError
GetModuleHandleA
GetOverlappedResult
GetSystemPowerStatus
ReadFile
WriteFile

setupapi

SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_MEM_DISCARDABLE

.stabstr
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

ef4fb98f6f79cfd658e81584461ee013

Headers

File Characteristics

Imports

cygcrypto-0.9.8

cygwin1

advapi32

iphlpapi

kernel32

setupapi

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 928B

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 144KB

.idata Size: 3KB - Virtual size: 3KB

.stab Size: 135KB - Virtual size: 134KB

.stabstr Size: 502KB - Virtual size: 502KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 928B

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 144KB

.idata
Size: 3KB - Virtual size: 3KB

.stab
Size: 135KB - Virtual size: 134KB

.stabstr
Size: 502KB - Virtual size: 502KB