211393b712d50b9ca953889a19f3daf6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

211393b712d50b9ca953889a19f3daf6_JaffaCakes118
Size

45KB
MD5

211393b712d50b9ca953889a19f3daf6
SHA1

426a7ac89a01171350fbf6b5b833bd9578228bfc
SHA256

5a1553b669f132c8053aa5d59847f7d3b7fd3746aa14bb648277d8e0a00bb51e
SHA512

1c78592152ab61b4fc9cac67280bb5c9bb7c56438ce1ea0ee5d682e5873a73d2d0103e7654ed33ba0143ed32a9aa6c77d0821d776d07262cbc99abefcb860853
SSDEEP

768:e0eMyTopdpsPLlBd0cmUW59oWcxhWdWoDXvzhTBCqDmJL08VBa3:eRMdpdGPRiUWwDxhUzzhTBCqSh0sm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
211393b712d50b9ca953889a19f3daf6_JaffaCakes118

Files

211393b712d50b9ca953889a19f3daf6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3fbee55ba7724d532fdce577fd16cb7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
DeviceIoControl
ExitProcess
GetCommandLineA
GetCurrentDirectoryA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetTickCount
GetVersionExA
IsDebuggerPresent
ReadFile
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
WriteFile

wsock32

gethostbyname
WSAStartup
WSACleanup

user32

MessageBoxA

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE