14290d5289036f3ab2f5c278fa40b17f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14290d5289036f3ab2f5c278fa40b17f_JaffaCakes118
Size

5KB
MD5

14290d5289036f3ab2f5c278fa40b17f
SHA1

e5f3be9dbd01a567091e29ae5e2ddb1c3fc1b329
SHA256

5b4c25ee9235e73323e852f979ae30ba4b574e5489614b319c45e557442dd2d9
SHA512

c346ea1f7675617c23f3e2439b6757a00018734c0ff00d15a4dd510aa00948d7379cf1fa7f930828e6b6bdfb8a357f0c6242688e5ca3d8bc64106d7e381948da
SSDEEP

96:Z1lzBxVnwnYTJhkOTdad4NXDxC4v82dmxcWL9yFbHjNc:Xs+hkOo6FDxGnxQbH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14290d5289036f3ab2f5c278fa40b17f_JaffaCakes118

Files

14290d5289036f3ab2f5c278fa40b17f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

a8f7d73859c0795758c16dfaf9f47da2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
ReadProcessMemory
RtlZeroMemory
Sleep
TerminateThread
VirtualAlloc
VirtualQueryEx
WaitForSingleObject
lstrcatA
lstrcpyA
lstrlenA

wsock32

WSACleanup
WSAStartup
closesocket
connect
send
socket

Sections

.data
Size: 1024B - Virtual size: 903B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.api
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE