b2a86593331043f4c4ae823965ec90ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2a86593331043f4c4ae823965ec90ed_JaffaCakes118
Size

263KB
MD5

b2a86593331043f4c4ae823965ec90ed
SHA1

95a9c6d3316d80992d4870c6f2af79c1d0c88f24
SHA256

3f126db4870a92ba34984e77aac989a98cfb8aefb2dc94ca8542ad8b195acdc4
SHA512

eb931d128a4e2baa9eeaba0ce8d347c4e4ddb7c7912c353c805199d24adcfa7384a5d3ca3a3b1a0e2df911b4d450ce514dc9c422faa598febc19630d689c2568
SSDEEP

6144:AMNvfH2IrOD80eYr04y15IazKG+RvPA7Tz1ieK4xalIesV:AM9WIrOD7/xpgKG6oz1X3alI1V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iroffer-dinoex-3.20-win32-it/iroffer-it.exe

Files

b2a86593331043f4c4ae823965ec90ed_JaffaCakes118
.zip
iroffer-dinoex-3.20-win32-it/LICENSE
iroffer-dinoex-3.20-win32-it/README-iroffer.txt
iroffer-dinoex-3.20-win32-it/README.modDinoex
iroffer-dinoex-3.20-win32-it/THANKS
iroffer-dinoex-3.20-win32-it/footer.html
iroffer-dinoex-3.20-win32-it/header.html
.html .js polyglot
iroffer-dinoex-3.20-win32-it/help-admin-it.txt
iroffer-dinoex-3.20-win32-it/htdocs/iroffer-state.css
iroffer-dinoex-3.20-win32-it/htdocs/robots.txt
iroffer-dinoex-3.20-win32-it/iroffer-it.exe
.exe windows:4 windows x86 arch:x86

c5809509fa90dd67f9ed6d80e6b006a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cyggeoip-1

GeoIP_country_code_by_addr
GeoIP_delete
GeoIP_new
GeoIP_open

cygcrypt-0

crypt

cygwin1

__assert
__errno
__getreent
__main
_ctype_
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_stat64
abort
accept
alarm
atof
atoi
atol
bind
calloc
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
execvp
exit
fclose
fflush
fgets
fileno
fnmatch
fork
fprintf
free
fwrite
gethostbyname
getpeername
getpid
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
gmtime
h_errno
herror
hstrerror
inet_addr
inet_aton
inet_ntoa
inet_ntop
inet_pton
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
mkdir
mktime
munmap
opendir
perror
poll
printf
putchar
puts
raise
rand
read
readdir
readdir_r
realloc
recv
rename
select
send
sendto
setenv
setlocale
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strchr
strcmp
strcpy
strerror
strftime
strlen
strncasecmp
strncat
strncmp
strncpy
strptime
strrchr
strsignal
strstr
strtok
strtol
strtoul
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write

cyggnutls-26

gnutls_bye
gnutls_certificate_allocate_credentials
gnutls_certificate_client_set_retrieve_function
gnutls_certificate_free_credentials
gnutls_certificate_type_get
gnutls_cipher_set_priority
gnutls_compression_set_priority
gnutls_credentials_set
gnutls_deinit
gnutls_global_init
gnutls_handshake
gnutls_init
gnutls_kx_set_priority
gnutls_mac_set_priority
gnutls_protocol_set_priority
gnutls_record_recv
gnutls_record_send
gnutls_strerror
gnutls_transport_set_ptr
gnutls_x509_crt_deinit
gnutls_x509_crt_import
gnutls_x509_crt_init
gnutls_x509_privkey_deinit
gnutls_x509_privkey_import
gnutls_x509_privkey_init

cygruby18

rb_cFalseClass
rb_cFixnum
rb_cNilClass
rb_cObject
rb_cSymbol
rb_cTrueClass
rb_class_new_instance
rb_class_path
rb_data_object_alloc
rb_define_class
rb_define_global_function
rb_define_method
rb_define_singleton_method
rb_define_variable
rb_eval_string_protect
rb_funcall
rb_funcall2
rb_gc_register_address
rb_gv_get
rb_int2inum
rb_intern
rb_ll2inum
rb_load_file
rb_obj_as_string
rb_obj_call_init
rb_protect
rb_respond_to
rb_str2cstr
rb_str_new
ruby_cleanup
ruby_errinfo
ruby_exec
ruby_finalize
ruby_init
ruby_init_loadpath
ruby_script
ruby_show_version
ruby_errinfo
rb_cFalseClass
rb_cFixnum
rb_cTrueClass
rb_cNilClass
rb_cSymbol
rb_cObject

kernel32

GetModuleHandleA

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
iroffer-dinoex-3.20-win32-it/sample.config

Sharing

General

Malware Config

Signatures

Files

c5809509fa90dd67f9ed6d80e6b006a9

Headers

File Characteristics

Imports

cyggeoip-1

cygcrypt-0

cygwin1

cyggnutls-26

cygruby18

kernel32

Sections

.text Size: 287KB - Virtual size: 286KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 86KB - Virtual size: 85KB

.bss Size: - Virtual size: 36KB

.idata Size: 6KB - Virtual size: 6KB

.text
Size: 287KB - Virtual size: 286KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 86KB - Virtual size: 85KB

.bss
Size: - Virtual size: 36KB

.idata
Size: 6KB - Virtual size: 6KB