Static task: static1
Behavioral task: behavioral1
  Sample: 051efd476568a981d7e3150183d02fe7_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 051efd476568a981d7e3150183d02fe7_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 051efd476568a981d7e3150183d02fe7_JaffaCakes118
Size: 15KB
MD5: 051efd476568a981d7e3150183d02fe7
SHA1: ea2ed07619bef4709256d5d15c8d468b9c98bbfb
SHA256: 46efe91a86aca35493c1f072495b02300bef523c9e40df958d88699918db1504
SHA512: 5775fbfa80994d7088e7d5e777698a3537f2822bca9d15e92d94e208c3aec89ee58597cadc44c83dc4ba76dcf8ff7363bf0ba802fe29337929c63661d018e3c3
SSDEEP: 384:tiaZcmokq+3h76WWUIjtKnSe8y+7vP/ddtO:3ZLOtKng7vP/BO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 051efd476568a981d7e3150183d02fe7_JaffaCakes118
Files
051efd476568a981d7e3150183d02fe7_JaffaCakes118.exe windows:4 windows x86 arch:x86
cc59ec94027321fde1c3b36f58271b90
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: CloseHandle, WriteFile, CreateFileA, LockResource, LoadResource, CreateThread, CreateProcessA, GetModuleFileNameA, GetSystemDirectoryA, GetSystemTime, GetCurrentProcessId, GetProcAddress, GetModuleHandleA, GetVersion, lstrcmpA, FindResourceA, CopyFileA, lstrlenA, GetVersionExA, Sleep, GetCurrentProcess, TerminateProcess, ExitProcess
user32: wsprintfA
advapi32: RegSetValueExA, RegCreateKeyExA, RegCloseKey, RegCreateKeyA, RegFlushKey
ws2_32: htons, inet_addr, gethostbyname, socket, inet_ntoa, connect, bind, closesocket, send, htonl, WSAGetLastError, __WSAFDIsSet, ioctlsocket, select, WSAStartup, recv, accept, listen
Sections
.text Size: 11KB - Virtual size: 11KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ