b73afa1ffed8143b99d3ed5856209ca6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b73afa1ffed8143b99d3ed5856209ca6_JaffaCakes118
Size

1.4MB
MD5

b73afa1ffed8143b99d3ed5856209ca6
SHA1

49d45050e1f2565017b1536a6eb5a85b0dd1648c
SHA256

1c3b5d260e9809efb194de5d5c77428a95d6efa5ad39ea91e1d03355253b42a2
SHA512

840d032bea25bdd09a1f34d08034725dc8a7f75db0c1545634f13004deba8ea4c9e34a1b656653de819f88ed9ecc46972197a93b9dd48451518e851fd4d4d7b8
SSDEEP

24576:5jMFSW6C/xPXQMGCaj0+sL3yuIRNPvzpK43Ecfd6O2kmUv1QXoR9nHsOu7ONAfIv:+FSqPXhaj0+sL3JCN9pEckO1JQM9nMOl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/utils/scrmake.exe

Files

b73afa1ffed8143b99d3ed5856209ca6_JaffaCakes118
.zip
demo/index.html
.html
demo/injector.swf
demo/injector_config.xml
demo/injector_controller.swf
injector.pl
.pl .sh linux
magicsql/Sec_Login.html
.html
magicsql/Sec_Login.swf
magicsql/Sec_Login_config.xml
magicsql/Sec_Login_controller.swf
modules/injectormod.include
modules/ishell.include
modules/ru.scr
modules/tabledumper.include
modules/tra_tabledumper.include
modules/udprevshell.include
.sh linux
modules/uploadfile.include
.sh linux
templates/get_template.include
templates/post_template.include
tmp/fscan.scr
utils/scrmake.exe
.exe windows:4 windows x86 arch:x86

6fadf0c8d6bdacd3b0ce33751bed435f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\utils\scrmake.pdb

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
GetLastError
CreateFileA
GetModuleHandleA
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapFree
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetEndOfFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6fadf0c8d6bdacd3b0ce33751bed435f

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 11KB

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 11KB

.idata
Size: 2KB - Virtual size: 1KB