Static task
static1
Behavioral task
behavioral1
Sample
0873867538635a4cad69f8e29b9eb36a_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0873867538635a4cad69f8e29b9eb36a_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
0873867538635a4cad69f8e29b9eb36a_JaffaCakes118
Size
77KB
MD5
0873867538635a4cad69f8e29b9eb36a
SHA1
27f3232d0c9a989ee137a5a12c17e52195c50500
SHA256
7ff6f99bfcdac6cdf72bb57b42f20cc62ac5797bc66da74d4d5a30b5b9f23c94
SHA512
5a07573c8cc6fd241f3805035941d0ae57a8a7caa96f87f84c2205a29b5b67303f1d93be50aa44531527bc666eaaac3dccf98e75c8437b744e5852c0dcd46b76
SSDEEP
1536:XkOXLLzZ4rhLYTj7wLK9tKNjfG9OUwzqNKkJyyc+WBSaoYAHdRpMfX2Ru:XkOXL/OrhLYTYLK9tEbHUnsY5WQ2ATK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0873867538635a4cad69f8e29b9eb36a_JaffaCakes118
Files
0873867538635a4cad69f8e29b9eb36a_JaffaCakes118.exe windows:4 windows x86 arch:x86
f4c052a104fc63207caaeb0f6ef217b9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
Sleep
lstrcmpA
WriteFile
CreateFileA
LockResource
CreateThread
SetPriorityClass
GetCurrentProcess
LoadResource
lstrlenA
GlobalMemoryStatus
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
FindResourceA
GetSystemDirectoryA
GetVersionExA
CreateProcessA
ExpandEnvironmentStringsA
CopyFileA
CloseHandle
ExitProcess
TerminateProcess
user32
wsprintfA
advapi32
RegCloseKey
RegFlushKey
RegCreateKeyA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
ws2_32
bind
connect
htons
inet_addr
gethostbyname
socket
accept
recv
listen
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
closesocket
inet_ntoa
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ