42f33f89b7edc9b4d34b5c81bac2d1ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42f33f89b7edc9b4d34b5c81bac2d1ae_JaffaCakes118
Size

339KB
MD5

42f33f89b7edc9b4d34b5c81bac2d1ae
SHA1

cf202f5655c2b929886ebac9d1d4cea6bcb0695d
SHA256

7fca5409162cb8c5994067474cafafeb2789ddab2eaf7b6e046fa03eff4ab789
SHA512

50b89747532009c7a358e025249cb7ed93279f2da39ee0b4b2b1463b52c5e92a2b40f6d4a32daf3e2749e65a54dbfd42d33620e06b5a7f27857a38556eec5d9f
SSDEEP

6144:0hWjNr2WPxY2ZP6+crtXlEUJ2EYfYoWalHdufZMfpvgu6ty:myiuxY2BvKttJ2ZVWalHdufSVwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f33f89b7edc9b4d34b5c81bac2d1ae_JaffaCakes118

Files

42f33f89b7edc9b4d34b5c81bac2d1ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3617f4cfc92fa21a1a23bb0257f87b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__main
_ctype_
abort
accept
alarm
atoi
atol
bind
calloc
chmod
close
connect
creat
ctime
cygwin_internal
dlclose
dlerror
dll_crt0__FP11per_process
dlopen
dlsym
exit
fclose
fcntl
fflush
fgets
fopen
fork
fprintf
fputs
free
freopen
fstat
fsync
getcwd
getdtablesize
getenv
geteuid
gethostbyaddr
gethostbyname
gethostname
getpid
getppid
getrusage
getsockname
getuid
inet_addr
inet_aton
inet_ntoa
kill
listen
localtime
longjmp
malloc
memcpy
memset
open
printf
pthread_mutex_lock
pthread_mutex_unlock
putchar
puts
random
read
realloc
rename
select
setjmp
setlocale
setpgid
setsockopt
sigaction
sigemptyset
snprintf
socket
sprintf
srandom
sscanf
stat
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncasecmp
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
time
tolower
toupper
uname
unlink
vsnprintf
write

kernel32

AddAtomA
FindAtomA
FreeConsole
GetAtomNameA
GetModuleHandleA

tcl84

Tcl_AppendElement
Tcl_AppendResult
Tcl_ConvertElement
Tcl_CreateInterp
Tcl_CreateObjCommand
Tcl_DStringAppend
Tcl_DStringFree
Tcl_DStringInit
Tcl_DeleteCommand
Tcl_DeleteInterp
Tcl_DoOneEvent
Tcl_Eval
Tcl_EvalFile
Tcl_ExprLong
Tcl_FindExecutable
Tcl_Free
Tcl_GetByteArrayFromObj
Tcl_GetEncoding
Tcl_GetVar
Tcl_GetVar2
Tcl_GetVar2Ex
Tcl_GlobalEval
Tcl_Init
Tcl_Merge
Tcl_PkgProvide
Tcl_ResetResult
Tcl_ScanElement
Tcl_SetSystemEncoding
Tcl_SetVar
Tcl_SetVar2
Tcl_SplitList
Tcl_TraceVar
Tcl_UntraceVar
Tcl_UtfToLower
Tcl_VarEval
Tcl_VarTraceInfo
Tcl_WrongNumArgs

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3617f4cfc92fa21a1a23bb0257f87b5

Headers

File Characteristics

Imports

cygwin1

kernel32

tcl84

Sections

.text Size: 320KB - Virtual size: 320KB

.data Size: 13KB - Virtual size: 12KB

.rdata Size: 1024B - Virtual size: 952B

.bss Size: - Virtual size: 15KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 320KB - Virtual size: 320KB

.data
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 952B

.bss
Size: - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 3KB