8ba150630275b7309179897b640108ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8ba150630275b7309179897b640108ff_JaffaCakes118
Size

1.1MB
MD5

8ba150630275b7309179897b640108ff
SHA1

c702f870d841c91b2b968819345711aed8d41b3a
SHA256

620863d76985b3cbe09ee1ba980a03ca8b726fc1abee5eedea4ddcefbfb4aaaf
SHA512

66b0b810d9d54dcfbb9e7b9255c552d06a277c304ab08e614e08284d404b53cdfe39414c63416cb51d68901ac7cf058cbf1ac8085dc55c8d1fe002e52b350015
SSDEEP

24576:4irLaRLmwLziLzhiLk6KjaY7YYYoZnMrlJ206fJMYHp6xF:bLaRLmwLziLzcLk6KjaY7YYYpJ20YJMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba150630275b7309179897b640108ff_JaffaCakes118

Files

8ba150630275b7309179897b640108ff_JaffaCakes118
.exe windows:5 windows x64 arch:x64

42d13e025544729c31c2dc3c19ec9348

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\OUT\x64_Release\PDB\bitcoin-miner-64.pdb

Imports

ws2_32

WSAGetLastError
getservbyname
ntohs
ntohl

msvcrt

ferror
_purecall
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
atoi
fclose
_fileno
fopen
setvbuf
_read
_write
_get_osfhandle
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__getmainargs
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
printf
__wargv
__argv
__argc
raise
signal
getenv
strncmp
fprintf
strcmp
_time64
_mktime64
_localtime64
_gmtime64
strftime
strstr
_open_osfhandle
_findnext64
__iob_func
_findclose
fwrite
fread
_findfirst64
feof
_fdopen
_wsplitpath
__C_specific_handler
_endthreadex
_beginthreadex
ldexp
isalnum
strerror
strchr
fsetpos
_errno
memchr
wcsstr
wcschr
iswspace
_msize
realloc
malloc
free
isspace
isxdigit
isdigit
strtod
ungetc
sscanf
_pclose
fseek
fputc
fgetpos
fgetc
fflush
memmove
abort
sprintf
_vsnprintf
memcmp
_isatty

user32

CharUpperW
IsCharAlphaW
MessageBeep
MessageBoxW
IsCharUpperW
IsCharLowerW
PostThreadMessageW
CharToOemW
LoadStringW
GetSysColor
GetWindowLongW
EnumWindows
CharLowerW
GetWindowThreadProcessId

ole32

CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
StringFromCLSID
StringFromIID
CLSIDFromProgID
CoTaskMemFree
CoInitialize
StgCreateDocfile
StgOpenStorage

oleaut32

SysAllocString
VarDateFromStr
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetVartype
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType

wininet

HttpSendRequestExW
InternetOpenW
InternetConnectW
HttpEndRequestW
HttpQueryInfoW
InternetSetFilePointer
InternetGetLastResponseInfoW
InternetCrackUrlW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
HttpAddRequestHeadersW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

dbghelp

SymFromAddr
SymInitialize
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
StackWalk64

shell32

SHGetSpecialFolderPathW

shlwapi

PathStripToRootW
PathIsUNCW

advapi32

GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegCloseKey

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualQuery
VirtualProtect
GetProcessVersion
CreateProcessW
GetProcessTimes
CreateNamedPipeW
ConnectNamedPipe
GetWindowsDirectoryW
GetCommandLineW
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateSemaphoreW
CreateEventW
OpenMutexW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
CopyFileW
lstrcpyW
lstrcpynW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WaitForSingleObjectEx
ResetEvent
DeviceIoControl
GetTempPathW
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetVolumeInformationW
GetTempFileNameW
GetLongPathNameW
GetFullPathNameW
GetFileSize
GetFileAttributesW
FlushFileBuffers
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
RtlLookupFunctionEntry
MultiByteToWideChar
SetLastError
GetModuleFileNameW
VirtualFree
VirtualAlloc
OpenProcess
GetCurrentProcessId
GetOverlappedResult
HeapSize
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
GetStdHandle
WaitForMultipleObjects
LocalFree
LocalAlloc
GetThreadTimes
SetThreadContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCurrentThread
RtlCaptureContext
ExitProcess
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
CloseHandle
OutputDebugStringA
SizeofResource
SetCommTimeouts
GetModuleHandleW
SetEvent
GetThreadContext
TlsFree
TlsSetValue
TlsAlloc
ResumeThread
SuspendThread
GetExitCodeThread
GetThreadPriority
SetThreadPriority
QueueUserAPC
SleepEx
WaitForSingleObject
RaiseException
FindResourceW
LockResource
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
GetLastError
GetProcAddress
RtlUnwindEx
RtlPcToFileHeader
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
Sleep
GetVersion
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
QueryDosDeviceW
SetCurrentDirectoryW
LoadLibraryExA
GetSystemDirectoryW
GetVersionExW
FormatMessageW
FreeLibrary
FreeResource
LoadResource
GetSystemInfo

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc

Sections

.text
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42d13e025544729c31c2dc3c19ec9348

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

msvcrt

user32

ole32

oleaut32

wininet

psapi

dbghelp

shell32

shlwapi

advapi32

version

kernel32

Exports

Exports

Sections

.text Size: 514KB - Virtual size: 514KB

.rdata Size: 300KB - Virtual size: 299KB

.data Size: 3KB - Virtual size: 26KB

.pdata Size: 39KB - Virtual size: 39KB

.rsrc Size: 302KB - Virtual size: 301KB

.text
Size: 514KB - Virtual size: 514KB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 3KB - Virtual size: 26KB

.pdata
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 302KB - Virtual size: 301KB