Static task
static1
Behavioral task
behavioral1
Sample
0d35155a3a742e6e86ad320689db85f8_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0d35155a3a742e6e86ad320689db85f8_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
0d35155a3a742e6e86ad320689db85f8_JaffaCakes118
-
Size
8KB
-
MD5
0d35155a3a742e6e86ad320689db85f8
-
SHA1
b8cdbd292473f0bade03588baaab902d6d4212ac
-
SHA256
f6c947e5fa4aa19f12bd334e2a4f15ffe7bc77fab87fe6a72a0c5baf10fd192f
-
SHA512
6f3152bfd4f869055d310e933a68fb1560a4068ef6ce4e03a97d6aca48e3dfaa4a3efa36dbe089822c11b0d827979984432ef6c800a2812156d4624a44927577
-
SSDEEP
96:x6D4WwOXE+0ctRRTrONkssJfohjxxCPalCE+tk+Jmd:xgmgEQtRSkX5gxVlL+t7J6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
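Static check: the PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; read it together with the import table and the behavioral task results.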
resource 0d35155a3a742e6e86ad320689db85f8_JaffaCakes118
Files
-
0d35155a3a742e6e86ad320689db85f8_JaffaCakes118.exe windows:4 windows x86 arch:x86
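148d58f999c0a0bf53eb23e7cb33fee0 (unlabelled in this extract; presumably the PE import hash, since it differs from the file MD5 listed under General)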
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EndDialog
SendMessageA
SetDlgItemTextA
LoadIconA
kernel32
ExitProcess
ExitThread
FreeLibrary
GetLastError
GetModuleFileNameA
GetProcAddress
CreateThread
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
LoadLibraryA
RtlZeroMemory
Sleep
lstrlenA
FindFirstFileA
CreateProcessA
CreateMutexA
CopyFileA
FindClose
GlobalAlloc
ws2_32
socket
connect
send
bind
accept
WSAStartup
WSACleanup
recv
listen
ioctlsocket
closesocket
htons
advapi32
CryptAcquireContextA
CryptDecrypt
CryptHashData
CryptEncrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE