0fa428e65ab0505ca44fcb7f6830e14b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fa428e65ab0505ca44fcb7f6830e14b_JaffaCakes118
Size

5KB
MD5

0fa428e65ab0505ca44fcb7f6830e14b
SHA1

825b118ced62df0d86660a5a1ee9f7197ba7a750
SHA256

d5dea4ed3544e125a234fd25d92a7dfc665e299d5f97b6c8527d26e6c34ad982
SHA512

4a625749e79923647cbf228068e4477b1ebde606e490ff782f464d295745a864af7369d294a9c7afbfc45e9cadf1bb8cb051da59586f8d4e532b497ddc9c0fad
SSDEEP

96:rX6HJHCkqxN7nlHOglharFNHMMLa207etZQkIR5LsFy2DH440F:GpTqvVWA6ZQ/5wFJH4TF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa428e65ab0505ca44fcb7f6830e14b_JaffaCakes118

Files

0fa428e65ab0505ca44fcb7f6830e14b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38c13a260c31cb6016ef25fc584a9810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
recv
send
gethostbyname
socket
htons
connect
closesocket
getsockname

kernel32

CreateProcessA
GetVersionExA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
ExitProcess
GetModuleFileNameA
WinExec
GetSystemDirectoryA
Sleep
CreateThread
CreateMutexA
OpenMutexA
lstrlenA
WaitForSingleObject

user32

wsprintfA

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE