C:\OUT\x64_Release\PDB\bitcoin-miner-64.pdb
Static task
static1
Behavioral task
behavioral1
Sample
659c6c75bc33eb082d190f7ec3d7dc88_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
659c6c75bc33eb082d190f7ec3d7dc88_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
659c6c75bc33eb082d190f7ec3d7dc88_JaffaCakes118
-
Size
1.1MB
-
MD5
659c6c75bc33eb082d190f7ec3d7dc88
-
SHA1
30c9421de9649f03641d89d01da3d17481d3228c
-
SHA256
1726f58f49655d41116942b87f5bfa55c53c2280f15350731bb54fe52ff9b765
-
SHA512
68189fd28f0f5e2a06627096e9a43babc923cf89f145c3990ae0b2590cd1ee38d88d8daa27fa5c37de718be6ed52e335517c29b4bf2f0f78025868732fc0ea53
-
SSDEEP
24576:MLaRLmlLz2LzejLNKkKxYEYYYRxgK7k07P0NsDqMBHnb8:MLaRLmlLz2LzqLN7KxYEYYYjdk07P0Nq
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 659c6c75bc33eb082d190f7ec3d7dc88_JaffaCakes118
Files
-
659c6c75bc33eb082d190f7ec3d7dc88_JaffaCakes118.exe windows:5 windows x64 arch:x64
36327001db648bc8d2117a8734776432
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
PDB Paths
C:\OUT\x64_Release\PDB\bitcoin-miner-64.pdb
Imports
ws2_32
WSAGetLastError
getservbyname
ntohs
ntohl
msvcrt
ferror
_purecall
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
atoi
fclose
_fileno
fopen
setvbuf
strtod
_read
_write
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
printf
__wargv
__argv
__argc
raise
signal
getenv
strncmp
fprintf
strcmp
_time64
_mktime64
_localtime64
_gmtime64
strftime
strstr
_open_osfhandle
_findnext64
_get_osfhandle
_findclose
fwrite
fread
_findfirst64
feof
_fdopen
_wsplitpath
memchr
__C_specific_handler
_endthreadex
_beginthreadex
ldexp
isalnum
strerror
strchr
fsetpos
_errno
wcsstr
wcschr
iswspace
_msize
realloc
malloc
free
isspace
isxdigit
isdigit
ungetc
sscanf
_pclose
fseek
fputc
fgetpos
fgetc
fflush
memmove
abort
sprintf
_vsnprintf
memcmp
_isatty
__iob_func
user32
CharUpperW
IsCharAlphaW
MessageBeep
MessageBoxW
IsCharUpperW
IsCharLowerW
PostThreadMessageW
CharToOemA
LoadStringW
GetSysColor
GetWindowLongW
EnumWindows
CharLowerW
GetWindowThreadProcessId
ole32
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
StringFromCLSID
StringFromIID
CLSIDFromProgID
CoTaskMemFree
CoInitialize
StgCreateDocfile
StgOpenStorage
oleaut32
SysAllocString
VarDateFromStr
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetVartype
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
wininet
HttpSendRequestExW
InternetOpenW
InternetConnectW
HttpEndRequestW
HttpQueryInfoW
InternetSetFilePointer
InternetGetLastResponseInfoW
InternetCrackUrlW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
HttpAddRequestHeadersW
psapi
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
EnumProcessModules
dbghelp
SymFromAddr
SymInitialize
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
StackWalk64
shell32
SHGetSpecialFolderPathW
shlwapi
PathStripToRootW
PathIsUNCW
advapi32
GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegCloseKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualQuery
VirtualProtect
GetProcessVersion
CreateProcessW
GetProcessTimes
CreateNamedPipeW
ConnectNamedPipe
GetWindowsDirectoryW
GetCommandLineW
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateSemaphoreW
CreateEventW
OpenMutexW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
CopyFileW
lstrcpyW
lstrcpynW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WaitForSingleObjectEx
ResetEvent
DeviceIoControl
GetTempPathW
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetVolumeInformationW
GetTempFileNameW
GetLongPathNameW
GetFullPathNameW
GetFileSize
GetFileAttributesW
FlushFileBuffers
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
RtlLookupFunctionEntry
MultiByteToWideChar
SetLastError
WideCharToMultiByte
GetModuleFileNameW
VirtualFree
VirtualAlloc
OpenProcess
GetCurrentProcessId
GetOverlappedResult
HeapSize
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
GetStdHandle
WaitForMultipleObjects
LocalFree
LocalAlloc
GetThreadTimes
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentThread
RtlCaptureContext
ExitProcess
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
CloseHandle
OutputDebugStringA
SizeofResource
SetCommTimeouts
GetModuleHandleW
SetEvent
SetThreadContext
GetThreadContext
TlsFree
TlsSetValue
TlsAlloc
ResumeThread
SuspendThread
GetExitCodeThread
GetThreadPriority
SetThreadPriority
QueueUserAPC
SleepEx
WaitForSingleObject
RaiseException
FindResourceW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
GetLastError
GetProcAddress
RtlUnwindEx
RtlPcToFileHeader
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
Sleep
GetVersion
GetTickCount
SetEnvironmentVariableW
ExpandEnvironmentStringsW
QueryDosDeviceW
GetSystemInfo
SetCurrentDirectoryW
LoadLibraryExA
GetVersionExW
FormatMessageW
FreeLibrary
FreeResource
LoadResource
LockResource
GetSystemDirectoryW
Exports
Exports
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc
Sections
.text Size: 520KB - Virtual size: 519KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 302KB - Virtual size: 301KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ