2cb78f875a24d4980ea30387ed73ed52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cb78f875a24d4980ea30387ed73ed52_JaffaCakes118
Size

46KB
MD5

2cb78f875a24d4980ea30387ed73ed52
SHA1

7633038d95180180bab2287908b1340720cc6509
SHA256

14b10ed3d0ea0677f9519417130292bddb29bb9469029c7fb081e9d64331528d
SHA512

77c82b69fdbded337190b0ba423afeba57c3c520b06f9d18995f76d8eea5ff740e55c281b5e082ef436f4e95e422c1b3d3a4337ef565cc8d106d662ad6464687
SSDEEP

768:ygM6oELxRAYMiTJqfiyf8i5jf0XLnf7/KchLx22VQiTlh0Wk0wHrcnnpX:NHLX1D9yft5jf0Xbucl4SQiTH0WRpX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cb78f875a24d4980ea30387ed73ed52_JaffaCakes118

Files

2cb78f875a24d4980ea30387ed73ed52_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0fb6ea4b51d8d3dcc6472eed1e026f74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Ben\Desktop\irc\ircbot\Release\ircbot.pdb

Imports

user32

CreateWindowExW
DefWindowProcW
GetMessageW
TranslateMessage
RegisterClassExW
DispatchMessageW

msvcrt

_fileno
_lseeki64
_itoa
_isatty
__pioinfo
__badioinfo
_write
wctomb
_snprintf
_iob
isleadbyte
_controlfp
?terminate@@YAXXZ
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
swprintf
wcstombs
time
srand
_wremove
fwprintf
rand
clock
sprintf
fclose
fwrite
tolower
_wfopen
malloc
free
exit
strcspn
atoi
strncmp
mbstowcs
_errno

wininet

InternetAttemptConnect
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

kernel32

LoadLibraryW
Sleep
CreateFileW
OpenMutexW
GetProcAddress
ReleaseMutex
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
DeviceIoControl
WriteFile
GetDriveTypeW
WaitForMultipleObjects
CreateEventW
IsWow64Process
SetErrorMode
CreateMutexW
GetVersionExW
GetLocaleInfoW
GetTickCount
SetFileAttributesW
GetModuleFileNameW
GetFileAttributesW
CopyFileW
TerminateThread
WriteProcessMemory
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualAllocEx
lstrcmpW
VirtualFreeEx
OpenProcess
CreateRemoteThread
IsBadReadPtr
VirtualFree
VirtualProtect
FlushInstructionCache
GetModuleHandleW
GetCurrentProcess
GetProcessHeap
HeapAlloc
FindNextFileW
CreateProcessW
LockResource
VirtualAlloc
SizeofResource
LoadResource
FindResourceW
FreeResource
ExpandEnvironmentStringsW
CreateThread
CloseHandle
FreeLibrary

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fb6ea4b51d8d3dcc6472eed1e026f74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

wininet

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB