0b083817a597562f064a8bff4753d8c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b083817a597562f064a8bff4753d8c2_JaffaCakes118
Size

6KB
MD5

0b083817a597562f064a8bff4753d8c2
SHA1

7588ef25e02eda61488f46ff094d701ff2fc1d7b
SHA256

5992282888089fc822d1099a3efd7271825d6d1390a769344771504de8890ce1
SHA512

7b0e812849be3422fe7d151bf9ae4ff909eb2746ff660b5ce280f8a3b46d46b00f39a2cb7741a8e26154605163fbd9618a5662c51e95d277c92f8dccb6319b48
SSDEEP

192:tIAVBZZOveJt+Kot8BA3vDd6bnLC0N59Q9:tDC+wrG590

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b083817a597562f064a8bff4753d8c2_JaffaCakes118

Files

0b083817a597562f064a8bff4753d8c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

febfc8079fd45a08407e0208b99809f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey

wsock32

socket
closesocket
gethostbyname
htons
WSAStartup
connect
send
recv

comdlg32

GetFileTitleA

user32

keybd_event
FindWindowA
ShowWindow
SetForegroundWindow

kernel32

GetFileAttributesA
GetLastError
GetProcessHeap
HeapAlloc
GetCommandLineA
GetStartupInfoA
ExitProcess
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
DeleteFileA
Sleep
CreateFileA
WriteFile
Process32Next
WaitForSingleObject
TerminateProcess
OpenProcess
CloseHandle
GetShortPathNameA
lstrcmpiA
Process32First
CreateToolhelp32Snapshot

Sections

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE