Static task
static1
Behavioral task
behavioral1
Sample
aa88f5dff912d6aa839b10aa658a5baf_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
aa88f5dff912d6aa839b10aa658a5baf_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
aa88f5dff912d6aa839b10aa658a5baf_JaffaCakes118
-
Size
458KB
-
MD5
aa88f5dff912d6aa839b10aa658a5baf
-
SHA1
1a89cff4066823f36e73c2b0f9a3fb344e02c15c
-
SHA256
69efd196cde0eb6c3a45873ffbed9c4e88bae6c352ef2f69fcf9a760250fee87
-
SHA512
856e73fba13b5b3af8a94c7f2735370074c2a3aa2947f3260bf6163bbeed78d0284765393d216efbbde7617f6e5e65d13fa56d3675b536195bc93975256241bf
-
SSDEEP
6144:G7hAThCL6S2XfufTbYo1a5Rb1DO1NijemTydzZ5N31bVFdgigIpQzRDBE9WcSz0:lCLh2mfTbYpDCOMzZx9g0pQKWcSz0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource aa88f5dff912d6aa839b10aa658a5baf_JaffaCakes118
Files
-
aa88f5dff912d6aa839b10aa658a5baf_JaffaCakes118.exe windows:4 windows x86 arch:x86
ef54c708eadf5f3e745b33e89666470e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cyggeoip-1
GeoIP_country_code_by_addr
GeoIP_delete
GeoIP_new
GeoIP_open
cygcrypt-0
crypt
cygwin1
__assert
__errno
__getreent
__main
_ctype_
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_stat64
abort
accept
alarm
atof
atoi
atol
bind
calloc
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
execvp
exit
fclose
fflush
fgets
fileno
fnmatch
fork
fprintf
free
fwrite
gethostbyname
getpeername
getpid
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
gmtime
h_errno
herror
hstrerror
inet_addr
inet_aton
inet_ntoa
inet_ntop
inet_pton
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
mkdir
mktime
munmap
opendir
perror
poll
printf
putchar
puts
raise
rand
read
readdir
realloc
recv
rename
select
send
sendto
setenv
setlocale
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strchr
strcmp
strcpy
strerror
strftime
strlen
strncasecmp
strncat
strncmp
strncpy
strptime
strrchr
strsignal
strstr
strtok
strtol
strtoul
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write
cyggnutls-26
gnutls_bye
gnutls_certificate_allocate_credentials
gnutls_cipher_set_priority
gnutls_compression_set_priority
gnutls_credentials_set
gnutls_deinit
gnutls_global_init
gnutls_handshake
gnutls_init
gnutls_kx_set_priority
gnutls_mac_set_priority
gnutls_protocol_set_priority
gnutls_record_recv
gnutls_record_send
gnutls_strerror
gnutls_transport_set_ptr
cygruby18
rb_cFalseClass
rb_cFixnum
rb_cNilClass
rb_cObject
rb_cSymbol
rb_cTrueClass
rb_class_new_instance
rb_class_path
rb_data_object_alloc
rb_define_class
rb_define_global_function
rb_define_method
rb_define_singleton_method
rb_define_variable
rb_eval_string_protect
rb_funcall
rb_funcall2
rb_gc_register_address
rb_gv_get
rb_int2inum
rb_intern
rb_ll2inum
rb_load_file
rb_obj_as_string
rb_obj_call_init
rb_protect
rb_respond_to
rb_str2cstr
rb_str_new
ruby_cleanup
ruby_errinfo
ruby_exec
ruby_finalize
ruby_init
ruby_init_loadpath
ruby_script
ruby_show_version
ruby_errinfo
rb_cFalseClass
rb_cFixnum
rb_cTrueClass
rb_cNilClass
rb_cSymbol
rb_cObject
kernel32
GetModuleHandleA
Sections
.text Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 37KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE