Static task
static1
Behavioral task
behavioral1
Sample
149622cdb993482ab16a9ad3a455d20c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
149622cdb993482ab16a9ad3a455d20c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
149622cdb993482ab16a9ad3a455d20c_JaffaCakes118
-
Size
835KB
-
MD5
149622cdb993482ab16a9ad3a455d20c
-
SHA1
ccb8d82718fccb69454fe1e7c24e7eeb2404ab13
-
SHA256
a734347ba65ee3b11b751642a26b0fab9fe5ce56a8964a4b1823a308a014d2ca
-
SHA512
82818c673a5df4cfee29436a829bcf2a1716d20012f2c081c1be91a2c56a6b9de6150aad2bda42c1b04030b5fad08880a74c8b8f8e5832ecae121ede99427104
-
SSDEEP
12288:61fzDx0OOA5O0Or6Ip1rN9ClE7ECO6C7TU3rU7bIJq1TKIBraUX2Gxl98UYvMrXa:W3x0On5O0OrB7QfU+brBIUmG5ES634K
Malware Config
Signatures
-
Unsigned PE 1 IoCs
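Flags PE files that lack an Authenticode signature. On its own this is a low-confidence indicator, since many legitimate binaries are also unsigned; weigh it together with the other findings in this report.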
resource 149622cdb993482ab16a9ad3a455d20c_JaffaCakes118
Files
-
149622cdb993482ab16a9ad3a455d20c_JaffaCakes118.exe windows:4 windows x86 arch:x86
e2a4ce8d537d081c898b04d1fd8028fd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygcrypto-0.9.8
RAND_egd
RAND_file_name
RAND_load_file
RAND_write_file
cygwin1
__errno
__getreent
__main
_exit
_fcntl64
_fopen64
_impure_ptr
_open64
_stat64
accept
atoi
bind
calloc
chdir
chmod
close
closedir
connect
cygwin_conv_to_full_win32_path
cygwin_internal
dll_crt0__FP11per_process
dup2
execvp
exit
fclose
fflush
fgets
fork
fprintf
fputc
fputs
fread
free
getcwd
getenv
gethostbyaddr
gethostbyname
getpagesize
getpeername
getpid
getsockname
getsockopt
gettimeofday
herror
htonl
htons
ioctl
kill
listen
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
mkdir
mktime
ntohl
opendir
pclose
pipe
popen
printf
qsort
raise
read
readdir
realloc
remove
rename
select
setmode
setpgid
setsockopt
sigaction
sigfillset
signal
sleep
socket
sprintf
strcasecmp
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strstr
strtol
strtoll
strtoul
system
tcgetattr
tcsetattr
tempnam
time
uname
unlink
utime
vfprintf
waitpid
write
cygssl-0.9.8
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_new
SSL_CTX_set_default_verify_paths
SSL_connect
SSL_free
SSL_get_current_cipher
SSL_get_error
SSL_library_init
SSL_new
SSL_read
SSL_set_fd
SSL_write
SSLv23_client_method
kernel32
GetConsoleOutputCP
GetConsoleTitleA
GetModuleFileNameA
GetModuleHandleA
SetConsoleTitleA
Sections
.text Size: 378KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 105KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE