Static task
static1
Behavioral task
behavioral1
Sample
0a35de16268dfd50d765f989a26e887f_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0a35de16268dfd50d765f989a26e887f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
0a35de16268dfd50d765f989a26e887f_JaffaCakes118
Size
16KB
MD5
0a35de16268dfd50d765f989a26e887f
SHA1
70a154ccb4ff634816d2496b56dcabd6ce2c9dba
SHA256
2b66bc271a5ad1e7fbe50000c8ee646126dc95d131fe7a1910aee77e3581d0ef
SHA512
56ab44f450ded71dbd9811b87f686fde1d9cb80340d2b2e7c9e6af223df2afab6d22ec6d28cc514d6e6196a99409c0ea078ff11eed31c1acd884cbeca4fbf1bc
SSDEEP
384:X0pmw4EWr2W1V/jeK+FuutnmolTEnAT2d4:X0pt4EW1V/oFDFmiTJi4
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0a35de16268dfd50d765f989a26e887f_JaffaCakes118
Files
0a35de16268dfd50d765f989a26e887f_JaffaCakes118.exe windows:4 windows x86 arch:x86
5a9eb7d990c6e68229d8f9024a34e439
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: strncmp, strncpy, strstr, atoi, sprintf, strtok, _snprintf, memset
ws2_32: socket, inet_addr, connect, htons, recv, WSAStartup, closesocket, gethostbyname, send
iphlpapi: GetAdaptersInfo
wininet: InternetCloseHandle, InternetOpenA, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, HttpQueryInfoA
dnsapi: DnsQuery_A
kernel32: CreateProcessA, GetProcessHeap, Sleep, GetThreadContext, HeapFree, HeapAlloc, GetTempPathA, GetCurrentProcessId, GetVersion, GetModuleFileNameA, LoadLibraryA, GetTempFileNameA, GetProcAddress, MoveFileExA, ExitProcess, ResumeThread, WriteProcessMemory, GetModuleHandleA, VirtualAllocEx, SetThreadContext
Sections
.text Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE