a087ede230623ca37733df0fd4db9661_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a087ede230623ca37733df0fd4db9661_JaffaCakes118
Size

234KB
MD5

a087ede230623ca37733df0fd4db9661
SHA1

4de0897a47f66d90db1c57ecd640ec6157491b57
SHA256

aee028e3034d0c9a7cf127ec18b25eb5d6a0fc6eaacea3d19e42d8679705b69e
SHA512

83243f365a9569ff187df9e12a501fc38612369ef5b2b9b0352ef3f16f59215f1a25adcdd6c44da8f5998b82ac3359dcd61263080484eda395eaf3b5619053ae
SSDEEP

6144:UKSJVwl1kEOdbWIciJmOhs+GIIO4YeOG8hlD:4vCAcUGIQYeG1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a087ede230623ca37733df0fd4db9661_JaffaCakes118

Files

a087ede230623ca37733df0fd4db9661_JaffaCakes118
.dll windows:4 windows x86 arch:x86

de5aae12a4244eb5d9d1c91871ad261b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5ts

zend_wrong_param_count
_convert_to_string
_zval_copy_ctor_func
zend_get_parameters_ex
_erealloc
convert_to_long
_safe_erealloc
_estrndup
add_assoc_string_ex
add_assoc_long_ex
_array_init
zend_parse_parameters
php_stream_bucket_append
php_stream_bucket_new
php_stream_bucket_make_writeable
_php_stream_filter_alloc
_zval_ptr_dtor
convert_to_boolean
zend_hash_find
_ecalloc
_safe_malloc
_safe_emalloc
php_file_le_pstream
php_file_le_stream
zend_fetch_resource
php_error_docref0
_php_stream_read
php_addslashes
php_info_print_table_start
php_info_print_table_row
php_info_print_table_end
php_unregister_url_stream_wrapper
php_stream_filter_unregister_factory
php_register_url_stream_wrapper
php_stream_filter_register_factory
virtual_filepath_ex
core_globals_id
php_checkuid
php_check_open_basedir
_estrdup
_php_stream_open_wrapper_ex
_php_stream_cast
virtual_unlink
_emalloc
_php_stream_alloc
_php_stream_free
_efree
zif_fwrite
zif_fflush
php_stream_bucket_delref
zif_fclose

msvcrt

_strnicmp
_stricmp
_fdopen
_fileno
_adjust_fdiv
_initterm
_isctype
__mb_cur_max
_pctype
fopen
fclose
fgetc
ungetc
fread
fflush
fwrite
malloc
_iob
fprintf
exit
free
_ftol
memchr
_setmode

kernel32

DisableThreadLibraryCalls

Exports

Exports

_php_stream_bz2open
_php_stream_bz2open_from_BZFILE
get_module

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de5aae12a4244eb5d9d1c91871ad261b

Headers

File Characteristics

Imports

php5ts

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB