e13df70419462f1a8419915f538951c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e13df70419462f1a8419915f538951c7_JaffaCakes118
Size

2.4MB
MD5

e13df70419462f1a8419915f538951c7
SHA1

b67780df0f0dd1dac12c273c47e50dd038359ef8
SHA256

dd247f2978c3df3faf54a47b332235cf3e4abc74f2b0f4d80a514e9c6bda8c3b
SHA512

3feffe9317e8e71d627bb0c660af154b2b55917734349bbdeefcc99d4cc51c445f1dcc4ec6632293b7b889d465826e1b8770dc0e9b5997475c5a338988929067
SSDEEP

49152:R/V0X4EzuADTgTXYG3zBfeuFRTZVA+MLNYxwzx4WFFv:Rt0oElDqYGF2OFABBYylJFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BotCollector.exe
unpack001/geobaze/patch/logo.png

Files

e13df70419462f1a8419915f538951c7_JaffaCakes118
.zip
BotCollector.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\User\source\repos\Updater\Updater\obj\Debug\Updater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ads(1).html
.html .js polyglot
ads(2).html
.html .js polyglot
ads.html
.html .js polyglot
data.dbb
data.dbf
geobaze/board.png
.png
geobaze/collapse.gif
.gif
geobaze/collapse.png
.png
geobaze/dot4.png
.png
geobaze/dot5.png
.png
geobaze/dot6.png
.png
geobaze/f(1).txt
.js
geobaze/f(2).txt
.js
geobaze/f(3).txt
.js
geobaze/patch/300-250.gif
.gif
geobaze/patch/728-90.jpg
.jpg
geobaze/patch/avatar_121_1524387924.png
.png
geobaze/patch/avatar_1_1503743162.png
.png
geobaze/patch/avatar_339_1542256364.png
.png
geobaze/patch/avatar_367_1540021585.png
.png
geobaze/patch/coin.png
.png
geobaze/patch/logo.png
.exe windows:6 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 196KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pvkxwdbh
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gfvixkto
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 60KB - Virtual size: 59KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 512B - Virtual size: 12B

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 196KB - Virtual size: 340KB

.rsrc Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 2.6MB

pvkxwdbh Size: 1.6MB - Virtual size: 1.6MB

gfvixkto Size: 512B - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

pvkxwdbh
Size: 1.6MB - Virtual size: 1.6MB

gfvixkto
Size: 512B - Virtual size: 4KB