Static task
static1
Behavioral task
behavioral1
Sample
eb94c5fb0e08cb5dc45991edb504cf7c_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
eb94c5fb0e08cb5dc45991edb504cf7c_JaffaCakes118.exe
Resource
win10v2004-20231215-en
General
Target
eb94c5fb0e08cb5dc45991edb504cf7c_JaffaCakes118
Size
24KB
MD5
eb94c5fb0e08cb5dc45991edb504cf7c
SHA1
be39c853a66418117cc6dad9bf61093119b58630
SHA256
e556912b752b1c313f01158fa2c1a1b2739be3d52341a08af4a10eaee964bd8d
SHA512
941f3697624d8b2cfe8e5fa4beaa13900f510149488a89984ee1ef5c623cf7e02b1c2e9de6a783b7b51dce3501f62d0eff4a829e7c9d9e46f3f6067a74f04bde
SSDEEP
96:qDm/PhFQarmXnG/gWo2n9EUcL6EnWw0nrgrHUoynnyjlRQaHJ1otcm:y1XnSgWln9EZqgzUoynnglR9vrm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eb94c5fb0e08cb5dc45991edb504cf7c_JaffaCakes118
Files
eb94c5fb0e08cb5dc45991edb504cf7c_JaffaCakes118.exe windows:4 windows x86 arch:x86
64c9dde7c1c2000b95366f6d2656835b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
connect
closesocket
send
socket
WSAStartup
recv
htons
WSACleanup
gethostbyname
msvcrt
_initterm
__p__fmode
__set_app_type
strchr
sprintf
atoi
strncmp
rename
remove
exit
strrchr
strstr
_exit
_XcptFilter
_acmdln
__getmainargs
_execl
__setusermatherr
_adjust_fdiv
__p__commode
_read
_close
_except_handler3
_controlfp
_open
_write
_stat
kernel32
GetStartupInfoA
GetModuleHandleA
CreateProcessA
CloseHandle
GetExitCodeProcess
Sleep
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 912B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE