9fcc9191abc23fe256ad7c04dd414574_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9fcc9191abc23fe256ad7c04dd414574_JaffaCakes118
Size

55KB
MD5

9fcc9191abc23fe256ad7c04dd414574
SHA1

47a8900709a6c5e881964b37c5b61b4affb2ba7e
SHA256

daf61be560db57dbd254bbc2e060b99c2ecb07730ac6230030534f21cf37976b
SHA512

9040d704b82702815357dc9f4f2fe8dd66dc5a4c2c8ff79f13437a77df9ec87624f854607ef19eaa597f4ad22cdfa66edecadc80b6bc70fe220984fb7a1f37af
SSDEEP

768:Psw1452+Ml6AQR7iwA0yGJP2YVNn9B0EQ4yWS1biFNw/L+IeugMsTBNHxCPxqVYe:Ew102dl6AK7iEyYP2m/0R4IuVZHMLq7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fcc9191abc23fe256ad7c04dd414574_JaffaCakes118

Files

9fcc9191abc23fe256ad7c04dd414574_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1920e576ee01cbf1e6df180e7bfafa7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\php-5.3.13\embed_php\Release\wincgi_md2.pdb

Imports

php50313

php_request_shutdown
sapi_shutdown
tsrm_shutdown
tsrm_startup
ts_resource_ex
sapi_startup
zend_llist_init
sapi_globals_id
php_request_startup
php_module_shutdown
php_register_variable
php_module_startup
php_import_environment_variables
php_handle_aborted_connection
php_module_shutdown_wrapper
zend_error
zif_dl
hc_cgi_mainproc
executor_globals_id
zend_eval_string

msvcr90

_ismbblead
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_setjmp3
strcmp
__argv
__argc
fflush
__iob_func
fwrite
fprintf
memcpy
malloc
_fileno
_fmode
free
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_setmode
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit

kernel32

GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1920e576ee01cbf1e6df180e7bfafa7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php50313

msvcr90

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 1024B - Virtual size: 630B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 1024B - Virtual size: 630B