ff21bf066e7c64c4126939969f102e78_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff21bf066e7c64c4126939969f102e78_JaffaCakes118
Size

53KB
MD5

ff21bf066e7c64c4126939969f102e78
SHA1

4747ed84b35c75467e449f86b2b18529235e98af
SHA256

ede7ff62ab8d533030907f7cf3476d9f81d99f29b39c393c6f4229ff078b1c42
SHA512

b82b1c9e9e726333d2fbfb3c2bfede4b583ac189f425b14e01466328d6d7d58129b31db9a577690d9cdb38212f4017f9ae788671fc690737ced1a3c97f2edd64
SSDEEP

1536:OJd66cFNP3q1XBBgnXrGD7ZYSm6+ZQ8dj:id0FBcXDGXaXSnYm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tcppm.exe

Files

ff21bf066e7c64c4126939969f102e78_JaffaCakes118
.rar
enable.reg
proxys.js
start.cmd
tcppm.exe
.exe windows:4 windows x86 arch:x86

1a4a1eb61a612ecf092db79c75a79570

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
htonl
getsockname
connect
select
__WSAFDIsSet
ntohl
WSAStartup
WSASocketA
ioctlsocket
setsockopt
bind
listen
WSAAccept
ntohs
htons
send
WSAGetLastError
sendto
recvfrom
shutdown
closesocket

kernel32

SetHandleCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
HeapSize
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
FreeConsole
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
HeapFree
ExitThread
CreateThread
GetTimeZoneInformation
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
GetFileAttributesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a4a1eb61a612ecf092db79c75a79570

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 12KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 12KB