darkcomet | JaffaCakes118_8854848a600589da4c3f738a8958ee62

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_8854848a600589da4c3f738a8958ee62
Size

664KB
MD5

8854848a600589da4c3f738a8958ee62
SHA1

b47f082d3938fb97008518e8d1aedf12c34cac32
SHA256

6fda0fd3839b1877b2a675d09ec1438734131c881a5e2c00a18b487f18fae100
SHA512

9a1d0b4d395fd51081e47065e51e1555d7cbf08c2885b72d33594fa5f4ce2727bba0a5e66628d18733a3da9fae37d2dcf90eb8b8dd6fdc0d974adcb51886eb9e
SSDEEP

12288:F9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqRKyh:jAQ6Zx9cxTmOrucTIEFSpOGzh

Score

10^/10

guest16 darkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

InstallPath
Windupdt\winupdate.exe
gencode
s�=04$chbreo
install
true
offline_keylogger
false
persistence
true
reg_key
winupdater

rc4.plain

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8854848a600589da4c3f738a8958ee62

Files

JaffaCakes118_8854848a600589da4c3f738a8958ee62
.exe windows:4 windows x86 arch:x86

4f3253d89c52698bfd4842d733fdc827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
CreateFileA
CloseHandle
WriteFile
GetSystemDirectoryA
GetFileTime
SetFileTime
GetWindowsDirectoryA
lstrcatA
FreeLibrary

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 47KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloy32
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloy32
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloy32
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloy32
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

4f3253d89c52698bfd4842d733fdc827

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 570KB - Virtual size: 569KB

.itext Size: 7KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 12KB

.bss Size: - Virtual size: 47KB

.idata Size: 17KB - Virtual size: 16KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 35KB - Virtual size: 34KB

.rsrc Size: 16KB - Virtual size: 15KB

.alloy32 Size: 512B - Virtual size: 4KB

.alloy32 Size: 2KB - Virtual size: 4KB

.alloy32 Size: 512B - Virtual size: 4KB

.alloy32 Size: 2KB - Virtual size: 4KB

.text
Size: 570KB - Virtual size: 569KB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 12KB

.bss
Size: - Virtual size: 47KB

.idata
Size: 17KB - Virtual size: 16KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 16KB - Virtual size: 15KB

.alloy32
Size: 512B - Virtual size: 4KB

.alloy32
Size: 2KB - Virtual size: 4KB

.alloy32
Size: 512B - Virtual size: 4KB

.alloy32
Size: 2KB - Virtual size: 4KB