df8a30cafc5494269807790a7ae7c49e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

Reason

zip: not a valid zip file

General

Target

df8a30cafc5494269807790a7ae7c49e_JaffaCakes118
Size

19.8MB
MD5

df8a30cafc5494269807790a7ae7c49e
SHA1

0f7103046bf571a88d10348b10b2dccfac2ee462
SHA256

15fa1ee2d77cd852f52082410fb26b4d201b13d0709a9af950d9244e451a25a4
SHA512

65291b0b450615c80ec4ab6dce78369666ce31e977a993f5c6ea8877e6825a7bdf81eb856ff9eb34719df3da31e5a6bb1ef631c7b67501e0dc04f32b8bf4a553
SSDEEP

393216:ns+B4BZ2hVWPf7V+3ODVuk5Ul2Vq+gKYkTMJ8tPV4FgzGhLjr:ns+qBZ5R+AV6l2VofLACFgzeLn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cobaltstrike3.8/third-party/vncdll.x64.dll
unpack001/cobaltstrike3.8/third-party/vncdll.x86.dll

Files

df8a30cafc5494269807790a7ae7c49e_JaffaCakes118
.zip
__MACOSX/cobaltstrike3.8/._cobaltstrike.jar
cobaltstrike3.8/.cobaltstrike.beacon_keys
cobaltstrike3.8/agscript
cobaltstrike3.8/c2lint
.sh linux
cobaltstrike3.8/cobaltstrike
cobaltstrike3.8/cobaltstrike.jar
cobaltstrike3.8/cobaltstrike.store
cobaltstrike3.8/data/archives.bin
cobaltstrike3.8/data/c2info.bin
cobaltstrike3.8/data/listeners.bin
cobaltstrike3.8/data/sessions.bin
cobaltstrike3.8/data/targets.bin
cobaltstrike3.8/icon.jpg
.jpg
cobaltstrike3.8/license.pdf
.pdf
cobaltstrike3.8/logs/181127/192.168.30.1/beacon_770.log
cobaltstrike3.8/logs/181127/events.log
cobaltstrike3.8/logs/181127/weblog.log
cobaltstrike3.8/readme.txt
cobaltstrike3.8/releasenotes.txt
cobaltstrike3.8/teamserver
.sh linux
cobaltstrike3.8/third-party/README.vncdll.txt
cobaltstrike3.8/third-party/vncdll.x64.dll
.dll windows:5 windows x64 arch:x64

669a4efd1735ea3cb40499064f416d6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ws2_32

WSAGetLastError
recv
WSACreateEvent
closesocket
WSAEventSelect
WSADuplicateSocketA

user32

WaitForInputIdle

kernel32

FlushFileBuffers
LCMapStringW
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
PeekNamedPipe
ConnectNamedPipe
GetTickCount
Sleep
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
CloseHandle
ExitProcess
FindResourceA
LoadResource
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
TerminateThread
SizeofResource
ExitThread
SetLastError
LockResource
WaitForMultipleObjects
CreateMutexA
DuplicateHandle
ReleaseMutex
GetCurrentProcessId
CreateThread
FreeLibrary
OpenProcess
Thread32First
Thread32Next
GetProcAddress
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapSize
CreateFileW

Exports

Exports

Init
ReflectiveLoader

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cobaltstrike3.8/third-party/vncdll.x86.dll
.dll windows:5 windows x86 arch:x86

1bf675d2eadd8d04ad3004a9b33be74d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ws2_32

WSAGetLastError
recv
WSACreateEvent
closesocket
WSAEventSelect
WSADuplicateSocketA

user32

WaitForInputIdle

kernel32

FlushFileBuffers
LCMapStringW
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
PeekNamedPipe
ConnectNamedPipe
GetTickCount
Sleep
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
CloseHandle
ExitProcess
FindResourceA
LoadResource
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
TerminateThread
SizeofResource
ExitThread
SetLastError
LockResource
WaitForMultipleObjects
CreateMutexA
DuplicateHandle
ReleaseMutex
GetCurrentProcessId
CreateThread
FreeLibrary
OpenProcess
Thread32First
Thread32Next
GetProcAddress
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapSize
CreateFileW

Exports

Exports

Init
_ReflectiveLoader@0

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cobaltstrike3.8/update
cobaltstrike3.8/update.jar
.jar

Sharing

Errors

General

Malware Config

Signatures

Files

669a4efd1735ea3cb40499064f416d6a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 368KB - Virtual size: 367KB

.reloc Size: 1KB - Virtual size: 1KB

1bf675d2eadd8d04ad3004a9b33be74d

Headers

File Characteristics

Imports

advapi32

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 309KB - Virtual size: 308KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 368KB - Virtual size: 367KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 309KB - Virtual size: 308KB

.reloc
Size: 4KB - Virtual size: 3KB