Static task
static1
Behavioral task
behavioral1
Sample
da35644538e5dd05a2a627f7142dfef1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
da35644538e5dd05a2a627f7142dfef1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
da35644538e5dd05a2a627f7142dfef1_JaffaCakes118
Size
259KB
MD5
da35644538e5dd05a2a627f7142dfef1
SHA1
7a5cf178bdbcc325f532a7d546407e34717a1855
SHA256
38f8b566e8d676b33f419df6fe5232d8e8c3ef259cbf5c64dbc6107030781366
SHA512
aa4232708b8247ec7a0eb063ac14a04efdadc6b37344e0143f6c04e7e593420708e574195501a75ef167194b72c5b2912dc26b1844ed2f9d6b28a9f6eed474d6
SSDEEP
3072:buOmE2aYfkVAkCSzjTc/Zd1ikrKlBd9RHjivLHkrtHG3GQ6f7BsaQkTaWTtIxWiT:SWAinlkIU6f7B2kTaJ0jSCzPv2i
Malware Config
Signatures
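Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the sample carries none. On its own this is a weak indicator, since many legitimate binaries are also unsigned, so weigh it together with the import table and the behavioral tasks.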
resource da35644538e5dd05a2a627f7142dfef1_JaffaCakes118
Files
da35644538e5dd05a2a627f7142dfef1_JaffaCakes118.exe windows:4 windows x86 arch:x86
972d05b4debda4ea1e3380ba7e45c73f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygcrypt-0
crypt
cygwin1
__assert
__errno
__getreent
__main
_fcntl64
_fopen64
_freopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_setgid32
_setgroups32
_setuid32
_stat64
abort
accept
alarm
atof
atoi
bind
calloc
chdir
chroot
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gethostbyname
getopt
getpeername
getpid
getpwnam
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
inet_addr
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
munmap
opendir
optarg
optind
perror
posix_regcomp
posix_regexec
printf
putchar
puts
raise
rand
read
readdir
realloc
recv
remove
rename
rewind
select
send
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strlwr
strncasecmp
strncat
strncmp
strncpy
strsignal
strstr
strtol
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write
cygmcrypt-4
mcrypt_enc_get_iv_size
mcrypt_generic
mcrypt_generic_deinit
mcrypt_generic_init
mcrypt_module_close
mcrypt_module_open
mcrypt_perror
mdecrypt_generic
cygssl-0.9.8
SSL_CTX_new
SSL_connect
SSL_free
SSL_library_init
SSL_load_error_strings
SSL_new
SSL_read
SSL_set_fd
SSL_write
SSLv23_client_method
advapi32
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
StartServiceA
kernel32
CloseHandle
CreateProcessA
CreateToolhelp32Snapshot
GetComputerNameA
GetDiskFreeSpaceExA
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GetVersionExA
GetWindowsDirectoryA
OpenProcess
Process32First
Process32Next
Sleep
TerminateProcess
WaitForSingleObject
WinExec
lstrcmpiA
user32
GetSystemMetrics
Sections
.text Size: 197KB - Virtual size: 196KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 18KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE