28082e7fc30b9439d2bb7d58e5002929_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28082e7fc30b9439d2bb7d58e5002929_JaffaCakes118
Size

49KB
MD5

28082e7fc30b9439d2bb7d58e5002929
SHA1

38280a51e418f99a4ce69f253d924dbbac6f9207
SHA256

5175d28edc37244a54919522ea74ff3c9805e336a4a1b8ee5d9ed4bb3e8dbb16
SHA512

e3325c721578ad97788efe24a64cb3caa8cec2158e9102bca138ea5333dd8d1ef7037690528783014bc851f9fb1c87055704dc4835262c03dbff52b10f712c03
SSDEEP

1536:b9km4GrM0YAiKZoYUAO7AqoTcCtvT8ysQGW3:b34GRSKJ2RoptvTRsFW3

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ASM/example1.EXE
unpack001/C/rstat32.exe
unpack001/C/self.exe
unpack001/bin2inch.exe
unpack001/binpack.exe
unpack001/hash.EXE
unpack001/image.EXE

Files

28082e7fc30b9439d2bb7d58e5002929_JaffaCakes118
.zip
ASM/example1.EXE
.exe windows:1 windows x86 arch:x86

8bcc8b356ffc701e04fab9c30bfce3fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
ExitProcess
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleHandleA
GetStdHandle
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
MapViewOfFile
ReadFile
SetConsoleTextAttribute
SetEndOfFile
SetFilePointer
UnmapViewOfFile
WriteConsoleA
WriteFile
_lcreat
lstrlen
AllocConsole

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ASM/example1.asm
ASM/make.bat
ASM/ring3krn.inc
C/rstat32.cpp
C/rstat32.exe
.exe windows:1 windows x86 arch:x86

0606233603874677bc37fa9320b4a5d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

cw3230

@$bnwa$qui
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ExceptionHandler
___debuggerDisableTerminateCallback
__argc
__argv
__exitargv
__flushall
__setargv
__startup
_abort
_exit
_fclose
_filelength
_findfirst
_findnext
_fopen
_fread
_free
_malloc
_memcpy
_printf
_strcat
_strcpy
_strlen
_toupper

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C/self.exe
.exe windows:1 windows x86 arch:x86

4fe28a57d2c17ff21ea928f421b34760

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

cw3230

@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ExceptionHandler
___debuggerDisableTerminateCallback
__argc
__argv
__exitargv
__flushall
__setargv
__startup
_abort
_free
_malloc
_memcpy
_printf

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C/self_reengering.cpp
bin2inch.cpp
bin2inch.exe
.exe windows:1 windows x86 arch:x86

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3230

_abort
@__unlockDebuggerData$qv
@__lockDebuggerData$qv
@$bdele$qpv
__ExceptionHandler
__setargv
__argc
__argv
__exitargv
@$bnwa$qui
@_CatchCleanup$qv
__startup
___debuggerDisableTerminateCallback
_fclose
_filelength
_fopen
_fprintf
_fread
_memcpy
_printf
__flushall

kernel32

TlsSetValue
TlsFree
TlsAlloc
LocalFree
TlsGetValue
LocalAlloc
GetModuleHandleA

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binpack.cpp
binpack.exe
.exe windows:1 windows x86 arch:x86

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3230

_abort
@__unlockDebuggerData$qv
@__lockDebuggerData$qv
@$bdele$qpv
__ExceptionHandler
__setargv
__argc
__argv
__exitargv
@$bnwa$qui
@_CatchCleanup$qv
__startup
___debuggerDisableTerminateCallback
_fclose
_filelength
_fopen
_fprintf
_fread
_memcpy
_printf
__flushall

kernel32

TlsSetValue
TlsFree
TlsAlloc
LocalFree
TlsGetValue
LocalAlloc
GetModuleHandleA

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
build.bat
dizx32.h
dizx32.inc
dizx32/WIN.INC
dizx32/dizx32def.h
dizx32/dizx32def.inc
dizx32/dizx32s.inc
dizx32/dizx32tbl.inc
dizx32/hash.asm
dizx32/image.asm
dizx32_r.txt
file_id.diz
hash.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
hash.bat
hash.inc
image.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
image.bat
ripers.bat

Sharing

General

Malware Config

Signatures

Files

8bcc8b356ffc701e04fab9c30bfce3fa

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

0606233603874677bc37fa9320b4a5d8

Headers

File Characteristics

Imports

kernel32

cw3230

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

4fe28a57d2c17ff21ea928f421b34760

Headers

File Characteristics

Imports

kernel32

cw3230

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

Imports

cw3230

kernel32

Exports

Exports

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 2KB - Virtual size: 4KB

TLS Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

Imports

cw3230

kernel32

Exports

Exports

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 1024B - Virtual size: 4KB

TLS Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 1KB - Virtual size: 4KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 2KB - Virtual size: 4KB

TLS
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

TLS
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 1KB - Virtual size: 4KB

CODE
Size: 1KB - Virtual size: 4KB