PDB path: C:\TenableCVS\Nessus3\projects\vs2008\Release\nessuscmd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e25d38213f9b8bd90ba6653106e04565_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e25d38213f9b8bd90ba6653106e04565_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
e25d38213f9b8bd90ba6653106e04565_JaffaCakes118
-
Size
65KB
-
MD5
e25d38213f9b8bd90ba6653106e04565
-
SHA1
cd7e8d2c7fce5231d8dab953486e5d9c10a38b74
-
SHA256
8b63694bbe203840989edf525aa9b90bcd6182a6a35464839da0472266559021
-
SHA512
9a770e0f033c9153242f485b28544412f5cb61360a06cac2e1717086d475428046f30bb9287b4e3843d716175e02cae91c4cb0c0b26788f79f1bfefc4b3f4444
-
SSDEEP
768:p48Z7HgB4mo3ZhKjBN0tRm/nCOmF0nvWSImyL83wHohDuUCzfG+oqBDv/kcYFvM5:f7ACP0jGRCCOmvokGu5v/EpM5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check: the PE file carries no Authenticode signature.
resource e25d38213f9b8bd90ba6653106e04565_JaffaCakes118
Files
-
e25d38213f9b8bd90ba6653106e04565_JaffaCakes118.exe windows:5 windows x86 arch:x86
2119a5d4b097d01b0473b9802ed2f40f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
nessus-libraries
open_sock_tcp_hn
nessus_zrealloc
stream_set_buffer
stream_set_timeout
open_sock_tcp_negotiate_ssl
nessus_register_connection
inet_aton
nessus_zalloc
cache_dec
cache_inc
addslashes
rmslashes
nessus_copyright
nessus_strerror
nessus_console_setecho
nessuslib_version
inc_optind
strlcat
nessus_component_version
get_optarg
nessus_init_library
get_optind
clean_fgets
getopt_long
nessus_file_unmap
nessus_atoi
nessus_realloc
nessus_perror
nessus_stat
nessus_file_close
read_stream_connection
nessus_file_map
nessus_file_open
recv_line
write_stream_connection
_nessus_free
nessus_strdup
nessus_qa_mode_enabled
nessus_abort
nessus_alloc
ws2_32
ntohl
msvcr100
memset
_write
_access
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
feof
_open
__iob_func
fflush
fgets
_read
fopen
fread
fprintf
_fileno
ferror
fwrite
_setmode
ftell
_lseek
memcpy
fseek
fclose
clearerr
_close
printf
strncmp
_snprintf_s
strstr
strchr
exit
abort
strncpy
putc
qsort
kernel32
IsDebuggerPresent
Sleep
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
HeapSetInformation
Exports
Exports
OPENSSL_Applink
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
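.reloc Size: 29KB - Virtual size: 30KB (larger than .text and flagged as code, executable and writable below; a relocation section is normally read-only initialized data, so this may indicate the file was modified after it was built — compare against a known-good copy)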
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qgvqpyf Size: - Virtual size: 4KB (non-standard section name; no raw size is listed for it in this report)
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE