5c0d4cd8a9686c2bc197bc28b11a59fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c0d4cd8a9686c2bc197bc28b11a59fe_JaffaCakes118
Size

31KB
MD5

5c0d4cd8a9686c2bc197bc28b11a59fe
SHA1

c1388cbd26732c60f360e31e57e492329aa05318
SHA256

aae777220560cc257025b4d920acf79aeca4b7f2fed263414572a1d2fccd4789
SHA512

70cac4071be0d0c73a83b5cb0b80e0f879b4870c5297f526aa8fff014330eb7a44e927ae487b8f785e2d666355dcea9d3c6cf63b0665ac4da44470e78f9a8eee
SSDEEP

768:gytrvM6aqmF3FvcqyrsPfH6hRRnhGmy63TiZ3B4v1kio:RVvM6aqmF3FvctsPyzRhby6k3B4ro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c0d4cd8a9686c2bc197bc28b11a59fe_JaffaCakes118

Files

5c0d4cd8a9686c2bc197bc28b11a59fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

428b2ec1d2f9708c7c1f5377040b7076

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\views\nw\nt86\7.6.2\gst\binsrc\nt86\0\gstping.pdb

Imports

libnsr

asHex
encrypt_string

librpc

__lgto_xdr_double
__lgto_xdr_bool
__lgto_xdr_string
__lgto_xdr_bytes
__lgto_xdr_int
__lgto_xdr_uint32_t
__lgto_xdr_enum
__lgto_xdr_int32_t
__lgto_xdr_float
authlgto_login_with_nonce_create
__lgto_xdr_int64_t
__lgto_clnt_sperror
__lgto_xdr_void
__lgto_pmap_getport
__lgto_bindresvport
__lgto_clnttcp_create
__lgto_clnt_spcreateerror
__lgto_xdr_uint64_t
__lgto_xdr_pointer

libcommonssl

comssl_ssl_write
comssl_ssl_read
comssl_ssl_get_error
comssl_ssl_shutdown
comssl_ssl_clear
comssl_cryptoiface_get_crypt_random
comssl_ssl_connect
comssl_ssl_free
comssl_ssl_set_fd
comssl_ssl_ctx_free
comssl_ssl_new
comssl_ssl_ctx_new
comssl_ssl_client_method
comssl_cryptoiface_initialize
comssl_ssliface_initialize

liblocal

is_structext_xml
msg_xmlstr_to_structext
msg_vstructext_create
msg_structext_new
msg_structext_free
render_structext
inttostr
lg_thread_sleep
lg_localtime
lg_strftime
xmalloc
lg_getaddrinfo
lg_inet_setport
lg_inet_ntop
lg_socket
lg_getlocalhost
lg_connect
lg_setsockopt
lgsoblock
lgsononblock
Debug
debugprintf
lg_sprintf
lg_getsockname
lg_freeaddrinfo
xcalloc
_lginit
lg_set_progname
msg_print
lg_get_progname
lg_fprintf
_opterr
getopt
_optarg
xstrdup

ws2_32

htonl
ntohl
htons

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
_stricmp
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
__lconv_init
calloc
strstr
atoi
exit
__iob_func
perror
free
memcpy

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

428b2ec1d2f9708c7c1f5377040b7076

Headers

File Characteristics

PDB Paths

Imports

libnsr

librpc

libcommonssl

liblocal

ws2_32

msvcr80

kernel32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 2KB - Virtual size: 1KB