23005169742b1d7fe99207525eff0850_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23005169742b1d7fe99207525eff0850_JaffaCakes118
Size

192KB
MD5

23005169742b1d7fe99207525eff0850
SHA1

434f5fa4f4f4700db502eef7288f386c4a07cc77
SHA256

5aa800b36be119d24f5fef8eeabac51605d047f0f7625979c3d5d2b225a3a61b
SHA512

85e326e8799e7163452476353fbd7ea7bda61b198e7aa4bf9950f5821332699e24f98f9f416f88053393488403301a861405269671ea690fcbd182c70fd4dfd0
SSDEEP

3072:pqupJMPtuvpPnfW62/sb7XYK/g0dq8rwYAru9WP1pRUzOTQS/cr0zkNN6:pqupJqEv4620fIKY0gWArHPSOTQWcrR6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23005169742b1d7fe99207525eff0850_JaffaCakes118

Files

23005169742b1d7fe99207525eff0850_JaffaCakes118
.exe windows:1 windows x86 arch:x86

49d4631b880eb10240cc7b6c31c1d199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
htons
inet_addr
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
setsockopt
socket

kernel32

FreeConsole
GetStdHandle
RtlUnwind

crtdll

_errno
_iob
_isatty
_kbhit
__GetMainArgs
_open
_read
_setjmp
_setmode
_sleep
_strcmpi
_write
atoi
exit
fflush
fprintf
getenv
gets
longjmp
malloc
memcmp
memcpy
memset
raise
rand
signal
sprintf
srand
strcat
strchr
strcmp
strlen
strncmp
strncpy
time
_close
_dup

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 120B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE