f07a40d2d88771a05c28ee06be14b513_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f07a40d2d88771a05c28ee06be14b513_JaffaCakes118
Size

567KB
MD5

f07a40d2d88771a05c28ee06be14b513
SHA1

e7faa0c8f22e2246cb70f698ad46f987fbb944cf
SHA256

cf2ce7e3eb864d02cb6f5fce160d0c77ec3a8eacf911979e26b5ba689f7f747b
SHA512

4e75c92066fa1b1b49d1a947ffc8cd05669ccd5c5334400f95287c8cfe7dde219fd9e6d383d8e331c8fb38a78e363d2a6e7350e825db7ca86d15c63add71fe6f
SSDEEP

12288:2FSnWR3sQT7LV08BI97Rj98aXXAHqa20MXQRuIeIPWxmR/:sj1sQJxS7gCTXGuIeCvR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f07a40d2d88771a05c28ee06be14b513_JaffaCakes118

Files

f07a40d2d88771a05c28ee06be14b513_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6c2e976506459b5153769930b02639eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetServiceClassNameByClassIdA
listen
WSACleanup
WSAStartup

kernel32

EnumResourceNamesA
HeapReAlloc
FindResourceA
GetModuleHandleA
VirtualAlloc
EnumResourceTypesA
GetStartupInfoA
LockResource
ExitProcess
HeapFree

ole32

BindMoniker
CLIPFORMAT_UserFree
CoPushServiceDomain
PropVariantChangeType
CoPopServiceDomain

Sections

CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 96KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ