3b5b85d92c5da4baefe5449d87cf3301_JaffaCakes118

General

Target

3b5b85d92c5da4baefe5449d87cf3301_JaffaCakes118
Size

597KB
MD5

3b5b85d92c5da4baefe5449d87cf3301
SHA1

78e64e9f29c9b1a400700125f4db851b5cbd4842
SHA256

ca85dea0039fc582d8b70912f185fb4819e7386377633dd36214ccc3362a584a
SHA512

2a1994537dc6e0038f2d6d0c53d355a007094e951221685987023f2ea05f3d1520cc654df3bfb4cf7396a00954f0bb07870fbeb43b30b736844eb284d8ea5cb5
SSDEEP

12288:2rYnyPeVwbsfeG88t7jJ2n6Ezqw1ihWUaXuKxpafCpYr/4Cz:2sn1DWG84jJ2nnihW/XRqcO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BlueSoleil.exe

Files

3b5b85d92c5da4baefe5449d87cf3301_JaffaCakes118
.rar
BlueSoleil.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?BIPAPP_Start@@YAHPAE0@Z
?BIPAPP_Stop@@YAHPAE@Z
?BIPAPP_UIRegCbk@@YAXPAE0@Z
?FTPAPP_Done@@YAXXZ
?FTPAPP_Init@@YAHXZ
?FTPAPP_IsBusy@@YAEPAE@Z
?FTPAPP_Start@@YAHPAEPAUBTPRemoteDeviceItem@@@Z
?FTPAPP_Stop@@YAHPAE@Z
?FTPAPP_UIRegCbk@@YAXPAE0@Z
?LoadLicense@@YAXPBD@Z
?SYNCAPP_Start@@YAHPAEPAUBTPRemoteDeviceItem@@@Z
?SYNCAPP_Stop@@YAHPAE@Z
?SYNCAPP_SvrStart@@YAHPAE@Z
?SYNCAPP_SvrStop@@YAHPAE@Z
?SYNCAPP_UIRegCbk@@YAXPAE0@Z
?UnLoadLicense@@YAHXZ

Sections

Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
read me.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 844KB - Virtual size: 844KB

Size: 116KB - Virtual size: 116KB

Size: 112KB - Virtual size: 112KB

.rsrc Size: 132KB - Virtual size: 132KB

.data Size: 180KB - Virtual size: 180KB

.adata Size: 4KB - Virtual size: 4KB

.mackt Size: 16KB - Virtual size: 16KB

.rsrc
Size: 132KB - Virtual size: 132KB

.data
Size: 180KB - Virtual size: 180KB

.adata
Size: 4KB - Virtual size: 4KB

.mackt
Size: 16KB - Virtual size: 16KB