d404bacdd9a3e99fbbd6409c38dbd963_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d404bacdd9a3e99fbbd6409c38dbd963_JaffaCakes118
Size

129KB
MD5

d404bacdd9a3e99fbbd6409c38dbd963
SHA1

27f1def1ee104fd9f96740cad9e8ecb96eb12036
SHA256

1a42dbd7b64a43b5d59344ab70e501b40d1d7319620f42d04c113b427d9248f4
SHA512

1ac185e742df84c5b2ebeab8c6a1914b6128b283e31a8efd15750057d04645d7564c85a86c9df66e7250775108c1cb3734e9205b497f0e07c4b3aeb04d8fb94a
SSDEEP

3072:S13JcmnB7qkMj5R4WMEGyChJkT44YFj2m6Y3zrZ9RQhR3yu3X1m:SPccmj5RME1ok44YFj2m6Y3zrbiRC8X1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d404bacdd9a3e99fbbd6409c38dbd963_JaffaCakes118

Files

d404bacdd9a3e99fbbd6409c38dbd963_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90885289a7a9b8553fd933057f661fab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygcrypt-0

crypt

cygcurl-3

curl_easy_cleanup
curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_global_init
curl_multi_add_handle
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform

cygwin1

__assert
__errno
__getreent
__main
_ctype_
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_stat64
abort
accept
alarm
atof
atoi
bind
calloc
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
exit
fclose
fflush
fgets
fileno
fnmatch
fork
fprintf
free
fwrite
gethostbyname
getopt
getpeername
getpid
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
h_errno
hstrerror
inet_aton
inet_ntoa
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
mktime
munmap
opendir
optind
posix_regcomp
posix_regexec
posix_regfree
printf
putchar
puts
raise
rand
read
readdir
realloc
rename
select
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strchr
strcmp
strcpy
strdup
strerror
strftime
strlen
strncat
strncpy
strrchr
strsignal
strstr
strtok
strtol
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write
h_errno

kernel32

GetModuleHandleA

Sections

.text
Size: 101KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WWP32
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

90885289a7a9b8553fd933057f661fab

Headers

File Characteristics

Imports

cygcrypt-0

cygcurl-3

cygwin1

kernel32

Sections

.text Size: 101KB - Virtual size: 211KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 21KB - Virtual size: 56KB

.bss Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 3KB

.WWP32 Size: 1024B - Virtual size: 712B

.text
Size: 101KB - Virtual size: 211KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 21KB - Virtual size: 56KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 3KB

.WWP32
Size: 1024B - Virtual size: 712B