1c38daab7568127420d7af4f2c31cfe7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c38daab7568127420d7af4f2c31cfe7_JaffaCakes118
Size

101KB
MD5

1c38daab7568127420d7af4f2c31cfe7
SHA1

af53818f74888d58e9d175ce065286f1f4a27c61
SHA256

cf46a1a2bd75260638598908075ebfa37ac0a5073e9555025895e506fe8a0807
SHA512

15d71267720b25a8a618e131c31d40194c083adebf8a6633952e0021efb43e49748474f0a9dcb2af3b8c264a134b6ea13a906f72ee9e9690733f2224a4735693
SSDEEP

3072:pxIzqyBHwE70wY57n3uTew9gNxexU7d5pDt:p2z9BHwE7015T3uTAxexU7FDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nc111nt_rodneybeede/nc.exe

Files

1c38daab7568127420d7af4f2c31cfe7_JaffaCakes118
.zip
nc111nt_rodneybeede/doexec.c
nc111nt_rodneybeede/doexec.o
nc111nt_rodneybeede/generic.h
nc111nt_rodneybeede/getopt.c
nc111nt_rodneybeede/getopt.h
nc111nt_rodneybeede/getopt.o
nc111nt_rodneybeede/hobbit.txt
nc111nt_rodneybeede/license.txt
nc111nt_rodneybeede/makefile
nc111nt_rodneybeede/makewin.cmd
nc111nt_rodneybeede/nc.exe
.exe windows:4 windows x86 arch:x86

b255786832d9ad08fc793fc3fa89494e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
FreeConsole
GetAtomNameA
GetStdHandle
SetUnhandledExceptionFilter

msvcrt

_close
_dup
_kbhit
_open
_read
_strcmpi
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_iob
_isatty
_onexit
_setjmp
_setmode
_sleep
abort
atexit
atoi
exit
fflush
fprintf
free
getenv
gets
longjmp
malloc
memcmp
memcpy
memset
rand
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
time

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
htons
inet_addr
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 528B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nc111nt_rodneybeede/netcat.c
nc111nt_rodneybeede/netcat.o
nc111nt_rodneybeede/readme.rodneybeede.txt
nc111nt_rodneybeede/readme.txt

Sharing

General

Malware Config

Signatures

Files

b255786832d9ad08fc793fc3fa89494e

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 120B

.rdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 528B

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 120B

.rdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 528B

.idata
Size: 2KB - Virtual size: 2KB