158a2b28a825c60b30f4c611633f374b_JaffaCakes118 | Triage

Sharing

General

Target

158a2b28a825c60b30f4c611633f374b_JaffaCakes118
Size

32KB
MD5

158a2b28a825c60b30f4c611633f374b
SHA1

4e4c4dfe790e00dcaac422df13faaecd6164aba1
SHA256

7f5a17843260ba436fd29237d0a0320d2d65991ec767265f29bca81eaed03e41
SHA512

e1eddf088340909cc3d69d1fa1fb79c84221d85833f9df7dd53bdc083c9fd323d4f591b2a8dabaf2d60389fdef1a8ccbfb45919814be1151b2af5c6a2aa97861
SSDEEP

192:l3BFrpRCPN2A7K+uEWGFclIAMy4MUYl1vfbFBxS93+ZiIYEtEkEhHAtbDaR2:9jcsgeJIAXcc5BUEZbYElsHQ3C2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
158a2b28a825c60b30f4c611633f374b_JaffaCakes118

Files

158a2b28a825c60b30f4c611633f374b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a37637b8ef54891133d25787e8e0f410

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
sendto
closesocket
recv
send
listen
accept
socket
getsockname
connect
WSAGetLastError
htons
bind
select
ioctlsocket
__WSAFDIsSet
WSAStartup
inet_ntoa
gethostbyname

msvcrt

_itoa
free
malloc
_errno
time
_vsnprintf
sprintf
exit
atol
strncmp
rand
_strcmpi
_except_handler3
_strdup
srand

kernel32

VerifyVersionInfoA
GetModuleFileNameA
Sleep
GetCurrentProcessId
CreateThread
ExpandEnvironmentStringsA
CopyFileA
lstrlenA
VerSetConditionMask
WinExec

advapi32

CloseServiceHandle
RegSetValueExA
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
RegCloseKey
StartServiceA
RegDeleteValueA

ole32

CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ