8c429b88cf6a00bc36c76592ed35c116_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c429b88cf6a00bc36c76592ed35c116_JaffaCakes118
Size

11KB
MD5

8c429b88cf6a00bc36c76592ed35c116
SHA1

f58dc04b4ffe4c4ef101db6c6df87cb74cc5a50e
SHA256

0038441bf44000bd27a3d06a4a5cc49e3f0edc7334bd621b18193915aa2f0fd1
SHA512

d74cc49717ff4a30fae172ead18757c6bcfdd265d48baf9d61d7ad3d69dad17c07f3b35358cb62dec9a543daa246d83ce08c9fb900ebed698f357b8bf4c7652c
SSDEEP

96:8+TlFrFSno/dTbl6D0/da6EDhkoqk2U6Exy+6xMltua4a8q6EgdLJJGI+UqWu6W0:Vflyqk2U6El6xZa4A6EgdLJJ9hqWgZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c429b88cf6a00bc36c76592ed35c116_JaffaCakes118

Files

8c429b88cf6a00bc36c76592ed35c116_JaffaCakes118
.exe windows:5 windows x86 arch:x86

331896cd921c14476254effb7b2c61e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\php-5.3.13\embed_php\Release\win_type_invini_md.pdb

Imports

php50313md

php_request_shutdown
sapi_shutdown
tsrm_shutdown
tsrm_startup
ts_resource_ex
sapi_startup
zend_llist_init
sapi_globals_id
php_request_startup
php_module_shutdown
php_register_variable
php_module_startup
php_import_environment_variables
php_handle_aborted_connection
php_module_shutdown_wrapper
zend_error
zif_dl
executor_globals_id
php_res_stream_open
_php_stream_copy_to_mem
php_addslashes
_efree
PHP_MD5Init
_php_stream_read
PHP_MD5Update
PHP_MD5Final
_php_stream_free
make_digest_ex
zend_eval_string

msvcr90

free
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
strcmp
strcat
strcpy
__argc
__argv
_setjmp3
fflush
__iob_func
fwrite
fprintf
memcpy
malloc
_fileno
_fmode
_setmode
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode

kernel32

SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

331896cd921c14476254effb7b2c61e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php50313md

msvcr90

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 996B

.reloc Size: 1024B - Virtual size: 670B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 996B

.reloc
Size: 1024B - Virtual size: 670B