d6e57fb6553e60adbe2a0663f7933ee3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6e57fb6553e60adbe2a0663f7933ee3_JaffaCakes118
Size

126KB
MD5

d6e57fb6553e60adbe2a0663f7933ee3
SHA1

cab7eb2877ca533c0e94c2f4dcf9312e7fb72530
SHA256

554b4f791008d7b0b74aeabb872a2d779a1488f043ff0401a46ce660110e2457
SHA512

509cd82fa80509e1c7bae34d5d584bc13f048385ce99a01807c7b4f1950d961bff0eaea3abc58d5531382dc5bc197c0dbee8432f9e54be7b5df3c15785e33a09
SSDEEP

3072:B5rnjwg82Sq8tt0ONYiIwLcCU6Hy/rMq+HWDPnFZIpbH:n9Spf3NjIwRfHyDd+ysl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/met0ri[1g].exe.exe

Files

d6e57fb6553e60adbe2a0663f7933ee3_JaffaCakes118
.rar
met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/liblist.gam
met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/met0ri[1g].exe.exe
.exe windows:4 windows x86 arch:x86

a6e6f9cdd81c0d4c0d6ee4f96278eb59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
LoadLibraryA
CloseHandle
VirtualFreeEx
Process32Next
ReadFile
GetProcAddress
GetCompressedFileSizeA
WriteProcessMemory
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
GetFileAttributesA
VirtualProtectEx
VirtualAllocEx
WaitForSingleObject
OpenProcess
GetModuleFileNameA
Module32First
Module32Next
CreateFileA
GetModuleHandleA
GlobalFree
WriteFile
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modu
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/metori.cfg
met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/metori.so
.elf linux x86
met0ri [CLIENTSIDE] 1337 PRIVATE CODED BY MORIAX & AN ANONIMOUS PLAYER/standard.ini
.vbs

Sharing

General

Malware Config

Signatures

Files

a6e6f9cdd81c0d4c0d6ee4f96278eb59

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.modu Size: 192KB - Virtual size: 192KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.modu
Size: 192KB - Virtual size: 192KB