075479a1e3ad4c9773c5845bd9f385ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

075479a1e3ad4c9773c5845bd9f385ba_JaffaCakes118
Size

9KB
MD5

075479a1e3ad4c9773c5845bd9f385ba
SHA1

1c9dcd3802524aa1f9019e1128922120e9e16d63
SHA256

96430d21d96bba3f676f6fbc865f3b32a2afad03d0ea8ec5db76a4828ce5e9e3
SHA512

155b76593cce83cef327c647e6a48bdd9869400f9cb16db9656305faf9d0cb6aeceb9c0920218e83b71edf1e48fb277865c01f6298349fd0a21cc07a3e3b54b5
SSDEEP

192:5u3oEKkx3MH3MZusxVgHTKFodSHxY1vhP2aB48zKT5FZ:5ahKkx3MH8ZusbgH+ocHxcdVBCFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cfgwiz.exe

Files

075479a1e3ad4c9773c5845bd9f385ba_JaffaCakes118
.cab
cfgwiz.exe
.exe windows:1 windows x86 arch:x86

c8f30ef6261b2f47f92babb1f362ab56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumChildWindows
FindWindowA
GetMessageA
KillTimer
PostQuitMessage
RegisterClassA
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA

wsock32

closesocket
send
recv
connect
ioctlsocket
htons
socket
inet_addr
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetComputerNameA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
SetFilePointer
WriteFile

Sections

AUTO
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE