2c587677fa11af66ffad687e9d5a9bb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c587677fa11af66ffad687e9d5a9bb4_JaffaCakes118
Size

691KB
MD5

2c587677fa11af66ffad687e9d5a9bb4
SHA1

25698627900529d1f3179df3105f37ef75c68542
SHA256

b28fb6e7620eddc6bb904ac654a8ba1d656a04fb5f4526b638c4c3dbf33e815d
SHA512

0321b6ef9fbbe18b7bfb029e483b351fd8630e9809fe23fb47f1c293de08e74dc9ae6761ac7bb328eaa71adb1646d6dec1dc9e89a6e0cb5601999efd9bdb0cb9
SSDEEP

12288:h+dLRjR4BG4MBkYnVuJkxITWo72CInBym1PU2uTRL8pus6GK3mRZAWhdcu:h+XjR4Q4CqJBWkpIcm1PUp14pus6BmfX

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinPcap installers.exe
unpack001/illwill.exe
unpack001/pthread.dll
unpack001/siphon.exe

Files

2c587677fa11af66ffad687e9d5a9bb4_JaffaCakes118
.zip
Readme.txt
WinPcap installers.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
illwill.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

��t
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ta
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��a
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
osprints.conf
pthread.dll
.dll windows:4 windows x86 arch:x86

24fa5ed0eba88df6b6d9f3c4bd6dd5d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_abnormal_termination
_ftime
_endthreadex
_beginthreadex
_errno
calloc
_except_handler3
free
malloc

kernel32

DeleteCriticalSection
FreeLibrary
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetExitCodeThread
CreateSemaphoreA
GetThreadPriority
SetThreadPriority
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
RaiseException
WaitForSingleObject
SetEvent
CreateEventA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReleaseSemaphore
GetCurrentThreadId
ResetEvent
InitializeCriticalSection
GetProcAddress
LoadLibraryA
Sleep
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getschedparam
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setschedparam
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_detach
pthread_equal
pthread_exit
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getpshared
pthread_mutexattr_init
pthread_mutexattr_setforcecs_np
pthread_mutexattr_setpshared
pthread_once
pthread_pop_cleanup
pthread_push_cleanup
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setschedparam
pthread_setspecific
pthread_testcancel
sched_get_priority_max
sched_get_priority_min
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
siphon.exe
.exe windows:4 windows x86 arch:x86

3c8f05bd1bc208b5249f9aaf00272007

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

packet

PacketCloseAdapter
PacketOpenAdapter
PacketSetHwFilter
PacketGetNetType
PacketAllocatePacket
PacketInitPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetBuff
PacketGetAdapterNames

pthread

pthread_create
pthread_join

ws2_32

ntohl
ntohs
htons
inet_ntoa

kernel32

FlushFileBuffers
GetCommandLineA
HeapFree
LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CreateFileA
GetLastError
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
SetFilePointer
GetStartupInfoA
GetVersion
Sleep
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
SetHandleCount
SetConsoleCtrlHandler
CloseHandle
CreatePipe
ReadFile
VirtualAlloc
GetStdHandle
WriteFile
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
UnhandledExceptionFilter
SetStdHandle
GetFileType

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 29KB - Virtual size: 29KB

DATA Size: 1024B - Virtual size: 636B

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

Imports

kernel32

Sections

����t Size: - Virtual size: 16KB

����ta Size: 1KB - Virtual size: 4KB

����a Size: 512B - Virtual size: 4KB

24fa5ed0eba88df6b6d9f3c4bd6dd5d5

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 718B

3c8f05bd1bc208b5249f9aaf00272007

Headers

File Characteristics

Imports

packet

pthread

ws2_32

kernel32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 15KB

CODE
Size: 29KB - Virtual size: 29KB

DATA
Size: 1024B - Virtual size: 636B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

��t
Size: - Virtual size: 16KB

��ta
Size: 1KB - Virtual size: 4KB

��a
Size: 512B - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 718B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 15KB