26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118
Size

253KB
MD5

26fe3f29f0e7e3327db27da0808498e9
SHA1

c8a1b7822961e1463c27b543ff2ac7e354e3b105
SHA256

ba661a55ac807edfa9af6603079300abb304f2c5ae156f06deacc52137455d01
SHA512

f404d9c3bab18f873dc705944c1b942abb4cff3b687c94f4477920b005a42841396ca7a5e573048aa6bbdec2d5d572aa2601bd513b043eee031ad41a44f5946d
SSDEEP

6144:ratXEDBtSYH1j24ZqskT7wtEPeRVp8axV:UXEDBtSYVj24ZqskTGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118

Files

26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6505a43f03764e5bb264a2c0c77f353

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygcrypt-0

crypt

cygcurl-3

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_global_cleanup
curl_global_init

cygwin1

__assert
__errno
__main
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_setgid32
_setgroups32
_setuid32
_stat64
abort
accept
alarm
atof
atoi
bind
calloc
chdir
chroot
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
exit
fclose
fflush
fgetc
fgets
fileno
fork
fprintf
fputc
fputs
free
fwrite
gethostbyname
getopt
getpeername
getpid
getpwnam
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
h_errno
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
mktime
munmap
opendir
optarg
optind
pathconf
posix_regcomp
posix_regexec
posix_regfree
printf
putchar
puts
raise
rand
read
readdir
realloc
remove
rename
rmdir
select
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncat
strncpy
strrchr
strsignal
strstr
strtol
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_lseek64
_lstat64
_mmap64
_open64
posix_regcomp
posix_regexec
posix_regfree
_setgid32
_setgroups32
_setuid32
_stat64
__getreent
pthread_create
pthread_detach
h_errno

advapi32

AdjustTokenPrivileges
GetUserNameA
InitiateSystemShutdownA
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DuplicateHandle
FormatMessageA
GetCurrentDirectoryA
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
GetVersionExA
GlobalMemoryStatus
Module32First
OpenProcess
Process32First
Process32Next
ReadFile
SetHandleInformation
Sleep
TerminateProcess
WriteFile

shell32

ShellExecuteA

user32

wsprintfA

winmm

mciSendStringA

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6505a43f03764e5bb264a2c0c77f353

Headers

File Characteristics

Imports

cygcrypt-0

cygcurl-3

cygwin1

advapi32

kernel32

shell32

user32

winmm

Sections

.text Size: 187KB - Virtual size: 186KB

.data Size: 512B - Virtual size: 272B

.rdata Size: 59KB - Virtual size: 59KB

.bss Size: - Virtual size: 10KB

.idata Size: 5KB - Virtual size: 5KB

.text
Size: 187KB - Virtual size: 186KB

.data
Size: 512B - Virtual size: 272B

.rdata
Size: 59KB - Virtual size: 59KB

.bss
Size: - Virtual size: 10KB

.idata
Size: 5KB - Virtual size: 5KB