196e4ca8d5e07439b9839ca986a28d3c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

196e4ca8d5e07439b9839ca986a28d3c_JaffaCakes118
Size

8KB
MD5

196e4ca8d5e07439b9839ca986a28d3c
SHA1

943cd7241dc4a25939ffc0982722a2ca0b37d8b0
SHA256

c2a9bbae09bbfe2555c3c8cde43b605743ab2393c6306a033fdc68b5017ee7bc
SHA512

c8d796960f6090496f04921e3fbc8a8284c84a6ae53d5ad1670c826391330d50eec6c83cf503ecc778aec4d314e7d42affa115dd0b6ea0bb5b14092c63c7f70e
SSDEEP

192:SO8s1To73xtJxgRrbAtzJ2UtLKtKr3Cd2Vk7j+L12RPHMLVWYr/d:78s1To737gVagau6kPc1qPHAVWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TRKShell.exe

Files

196e4ca8d5e07439b9839ca986a28d3c_JaffaCakes118
.zip
RSRC.RC
Readme_en.txt
Readme_es.txt
TRKShell.asm
TRKShell.exe
.exe windows:4 windows x86 arch:x86

51a804965b07a1017af73b38363c3019

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
RegisterClassExA
LoadIconA
DefWindowProcA
LoadCursorA
GetMessageA
DispatchMessageA
CreateWindowExA

kernel32

ReadFile
RtlZeroMemory
CreateProcessA
CreateThread
lstrlenA
CreatePipe
lstrcmpA
GetCommandLineA
CloseHandle
GetStartupInfoA
ExitProcess
WriteFile
GetModuleHandleA

wsock32

htons
WSAStartup
accept
bind
closesocket
connect
WSAAsyncSelect
inet_addr
listen
recv
send
socket

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tarako.ico